Commit acd095a7 authored by Seblu's avatar Seblu

add rss stream (news and videos)

fix db connection charset: latin1 was being used in place of utf8
general sql reorganisation
new auth system
fix html errors (W3C HTML validator help me)
merge admin sql code
auth system rewrote
parent 0f1a2e79
......@@ -38,6 +38,8 @@ li a {
img {
margin: 0 auto;
padding: 0px;
border: 0px;
text-align: right;
}
.clr {
......@@ -3,7 +3,6 @@
function dispAdminHome() {
include_once "include/admin_tables.php";
include_once "include/functions_sql_admin.php";
include_once "include/admin_menu.php";
include_once "include/admin_videos.php";
include_once "include/admin_news.php";
......@@ -352,8 +351,7 @@ $str .= '
}
else
{
$str = '
$str = '<div id="all_side">
<table width="100%">
<tr>
......@@ -367,7 +365,7 @@ $str = '
</td>
</tr>
</tr>
</table>
</table></div>
';
}
<?
function dispAdminMenu() {
$str = '
</TR>
';
if ($_SESSION["user_right"] >= $GLOBALS["PRIV_GUEST"]) {
$str .= '
<div>
<a href="index.php?html=AdminHome&section_admin=AdminVideos" class="texte_link">Videos</a>
</div>
';
}
$str .= '
<div>
<a href="index.php?html=AdminHome&section_admin=AdminNews" class="texte_link">News</a>
</div>
';
if ($_SESSION["user_right"] >= $GLOBALS["EPTV"]) {
$str .= '
<div>
<a href="index.php?html=AdminHome&section_admin=AdminEdito" class="texte_link">Edito</a>
</div>
<div>
<a href="index.php?html=AdminHome&section_admin=AdminLinks" class="texte_link">Links</a>
</div>
<div>
<a href="index.php?html=AdminHome&section_admin=AdminMembers" class="texte_link">EPTV Members</a>
</div>
<div>
<a href="index.php?html=AdminHome&section_admin=AdminUsers" class="texte_link">Users</a>
</div>
<div>
<a href="index.php?html=AdminHome&section_admin=AdminBlacklist" class="texte_link">Blacklist</a>
</div>
<div>
<a href="munin/" target="_blank" class="texte_link">Munin</a>
</div>
<div>
<a href="phpmyadmin/" target="_blank" class="texte_link">PHPMyAdmin</a>
</div>
';
}
return $str;
$str = '</tr>';
if ($_SESSION["user_right"] >= $GLOBALS["PRIV_GUEST"])
$str .= '<div><a href="index.php?html=AdminHome&section_admin=AdminVideos" class="texte_link">Videos</a></div>';
if ($_SESSION["user_right"] >= $GLOBALS["EPTV"]) {
$str .= '<div><a href="index.php?html=AdminHome&section_admin=AdminNews" class="texte_link">News</a></div>';
$str .= '<div><a href="index.php?html=AdminHome&section_admin=AdminEdito" class="texte_link">Edito</a></div>';
$str .= '<div><a href="index.php?html=AdminHome&section_admin=AdminLinks" class="texte_link">Links</a></div>';
$str .= '<div><a href="index.php?html=AdminHome&section_admin=AdminMembers" class="texte_link">EPTV Members</a></div>';
$str .= '<div><a href="index.php?html=AdminHome&section_admin=AdminUsers" class="texte_link">EPTV Fans</a></div>';
$str .= '<div><a href="index.php?html=AdminHome&section_admin=AdminBlacklist" class="texte_link">Blacklist</a></div>';
$str .= '<div><a href="munin/" target="_blank" class="texte_link">Munin</a></div>';
$str .= '<div><a href="phpmyadmin/" target="_blank" class="texte_link">PHPMyAdmin</a></div>';
}
return $str;
}
\ No newline at end of file
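Review bot: The `$_SESSION["user_right"]` comparisons in dispAdminMenu only decide which links are rendered; they are not authorization, so every `section_admin=` handler (AdminUsers, AdminBlacklist, …) must repeat the same right check server-side, which this file cannot show. The `munin/` and `phpmyadmin/` links are likewise merely hidden from lower rights; nothing in this application gates a direct request to those paths, so they need their own web-server-level authentication. The two thresholds read `$GLOBALS["PRIV_GUEST"]` and `$GLOBALS["EPTV"]` — if the latter is meant as a privilege constant like the former, a consistent name such as `PRIV_EPTV` would make a mix-up harder; confirm against global.php. The opener `$str = '</tr>';` (and `</TR>` in the other version) emits a stray closing tag with no table open in this function and can simply be `$str = '';`.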
<?php
function auth_init() {
// define user right and id if new session
if (!$_SESSION["user_id"] or !$_SESSION["user_right"]) {
$_SESSION["user_id"] = 0;
$_SESSION["user_right"] = 0;
}
// No logged user is allowed without https!
if ($_SERVER['HTTPS'] != "on" && $_SESSION["user_id"] > 0)
auth_disconnect();
// Process auth if asked
if ($_POST['connect']) {
if (!auth_connect(stripslashes($_POST['user_login']),
stripslashes($_POST['user_pass'])))
redirect('/?html=Connection&fail='.stripslashes($_POST['user_login']));
}
//Process disconnect if asked
if ($_POST['disconnect'])
auth_disconnect();
}
function auth_connect($login, $pass) {
$md5_pass = md5($pass);
$result = getOneUserByLogin($login);
if (mysql_num_rows($result) > 0) {
$user = mysql_fetch_array($result);
if ($user["user_login"] == $login && $user["user_pass"] == $md5_pass)
if (!auth_blacklisted($login)) {
$_SESSION["user_right"] = $user["user_right"];
$_SESSION["user_id"] = $user["user_id"];
return true;
}
}
return false;
}
function auth_disconnect() {
$_SESSION["user_id"] = 0;
$_SESSION["user_right"] = 0;
}
function auth_blacklisted($login) {
$result = getOneBlacklistByLogin($login);
return mysql_num_rows($result) > 0;
}
?>
\ No newline at end of file
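Review bot: `auth_connect` checks the stored hash with `$user["user_pass"] == $md5_pass`; PHP's loose `==` compares two numeric-looking strings as numbers, so md5 digests of the form `0e` followed only by digits ("magic hashes") compare equal to each other and a password producing such a digest would be accepted for any account whose stored hash has that shape. Use strict comparison, `if ($user["user_login"] === $login && $user["user_pass"] === $md5_pass)` (or `hash_equals` where available), and replace unsalted md5 with a salted `crypt()`/`password_hash` scheme when the PHP version allows. On success the session id is not rotated, so a session id fixed before login remains valid afterwards — add `session_regenerate_id(true);` before assigning `$_SESSION["user_right"]`. The failure redirect appends `stripslashes($_POST['user_login'])` to the URL unencoded; wrap it in `urlencode()`, and whichever page echoes `fail` must HTML-escape it. Note also that `getOneUserByLogin` is not defined in the sql file of this commit, which only provides `getOneUserByName`; confirm it exists elsewhere.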
<?
function dispConnection(){
if ($_SESSION["user_right"] == 0)
$str .= dispConnectionLogin();
if ($_SERVER['HTTPS'] != "on") {
echo '<div id="all_side">';
echo '<p>Pour vous connecter au site, <strong>vous devez utiliser une connexion SSL</strong>!</p>';
echo '</div>';
return;
}
if ($_GET["fail"])
dispConnectionFailure();
elseif ($_SESSION["user_id"] == 0)
dispConnectionLogin();
else
$str .= dispConnectionDisconnect();
echo $str;
dispConnectionDisconnect();
}
function dispConnectionLogin() { /////// CONNECTION LOGIN ///////
function dispConnectionLogin() {
$str = '<div id="all_side">';
$str .= dispTableBegin("c o n n e x i o n", "30", 1);
if ($_SERVER['HTTPS'] == "on") {
$str .= '<form name="saisie" method="post" action="index.php?connect=1&html=Home">';
$str .= '<tr><td width="40%" class="small" align="center">Login</td></tr>';
$str .= '<tr><td width="60%" align="center"><input type="login" name="user_login" size="15" maxlength="15"></td></tr>';
$str .= '<tr><td width="40%" class="small" align="center">Pass</td></tr>';
$str .= '<tr><td width="60%" align="center"><input type="password" name="user_pass" size="15" maxlength="15"></td></tr>';
$str .= '<tr><td colspan="2" align="center"><input type="submit" value="Donne tout"><br></td></tr>';
$str .= '</form>';
}
else
$str .= "<p>Pour vous connecter au site, <strong>vous devez utiliser une connexion SSL</strong>!</p>";
$str .= dispTableEnd();
$str .= '<form id="connect" method="post" action="/">';
$str .= '<ul>';
$str .= '<h1>Connexion</h1>';
$str .= '<li>Login : <input type="login" name="user_login" size="20" size="15" maxlength="20"></li>';
$str .= '<li>Password : <input type="password" name="user_pass" size="15" maxlength="42"></li>';
$str .= '<li><input type="submit" name="connect" value="Donne tout"></li>';
$str .= '</ul>';
$str .= '</form>';
$str .= '</div>';
return $str;
}
function dispConnectionDisconnect() { /////// CONNECTION PROFIL ///////
$ID = $_SESSION["user_id"];
$result = getOneUserById($ID);
$user = mysql_fetch_array($result);
$str = '<div id="all_side">';
$str .= dispTableBegin("d &eacute; c o n n e c t e r", "30", 1);
$str .='
<form name="saisie" method="post" action="index.php?connect=-1&html=Home">
<tr><td width="40%" class="small" align="center"> <b>Salut &#224 toi
'.$user["user_pseudo"].'
</b></td></tr>
<!--
<tr><td width="40%" class="small" align="center">Status: <b>
'.get_right_name($user["user_right"]).'
</b></td></tr>
<tr><td width="40%" class="small" align="center">Rights: <b>
'.get_right_name($_SESSION["user_right"]).'
</b></td></tr>
-->
<tr><td width="40%" class="small" align="center">
'.$user["user_comment"].'
</td></tr>
<tr><td></td></tr>
<tr><td colspan="2" align="center"><input type="submit" value="D&eacute;connecter"><br></td></tr>
</form>
';
$str .= dispTableEnd();
$str .= '</div>';
return ($str);
}
// Disconnect user
function userDisconnect(){
$_SESSION["user_right"] = 0;
$_SESSION["user_id"] = 0;
}
function checkUser($Check_Login, $Check_Pass){
$result_login = getOneUserByName($Check_Login);
$result_pseudo = getOneUserByPseudo($Check_Login);
// MD5
$md5_Pass = stripslashes($Check_Pass);
$md5_Pass = md5($md5_Pass);
if (mysql_num_rows($result_login)){
$user = mysql_fetch_array($result_login);
if ($user["user_login"] == $Check_Login && $user["user_pass"] == $md5_Pass ) {
$_SESSION["user_right"] = $user["user_right"];
$_SESSION["user_id"] = $user["user_id"];
return;
}
}
else if (mysql_num_rows($result_pseudo)){
$user = mysql_fetch_array($result_pseudo);
if ($user["user_pseudo"] == $Check_Login && $user["user_pass"] == $md5_Pass ) {
$_SESSION["user_right"] = $user["user_right"];
$_SESSION["user_id"] = $user["user_id"];
return;
}
}
if (yp_check($Check_Login, $Check_Pass)) {
if ($user["user_login"] == $Check_Login){
$_SESSION["user_right"] = $user["user_right"];
$_SESSION["user_id"] = $user["user_id"];
}
else {
if (!check_blacklist($Check_Login)) {
$_SESSION["user_right"] = 3;
$_SESSION["user_id"] = 0;
}
else {
$_SESSION["user_right"] = -1;
}
}
return;
}
echo $str;
}
function check_blacklist($Check_Login) { ////// CHECK IF BLACKLISTED //////
$result = getOneBlacklistByLogin($Check_Login);
if (mysql_num_rows($result)){
$blacklist = mysql_fetch_array($result);
$try = $blacklist["blacklist_try"] + 1;
$query = " UPDATE `blacklist_db` ";
$query .= " SET `blacklist_try` = '$try' ";
$query .= " WHERE `blacklist_login` = '$Check_Login' LIMIT 1";
mysql_query($query)
or die("Query failed");
$result = getAllBlacksite();
// random un peu porc pour les fake sites.
$cpt = 0;
while ($blacksite = mysql_fetch_array($result)) {
$cpt++;
$tabsite[$cpt] = $blacksite["blacksite_id"];
}
$randsite = rand (1, $cpt);
$result = getOneBlacksiteById($tabsite[$randsite]);
$blacksite = mysql_fetch_array($result);
echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL='.$blacksite["blacksite_adress"].'"> '; // automatique redirection
return (1);
}
return (0);
function dispConnectionDisconnect() {
$result = getOneUserById($_SESSION["user_id"]);
if (mysql_num_rows($result) > 0) {
$user = mysql_fetch_array($result);
$str = '<div id="all_side">';
$str .= '<form id="connect" method="post" action="/">';
$str .= '<ul>';
$str .= '<h1>D&eacute;connexion</h1>';
$str .= '<li>Vous allez d&eacute;connect&eacute; l\'utilisateur <strong>'.$user["user_pseudo"].'</strong> (<em>'.$user["user_login"].'</em>) !</li>';
$str .= '<li><input type="submit" name="disconnect" value="C\'est mon dernier mot"></li>';
$str .= '</ul>';
$str .= '</form>';
$str .= '</div>';
}
echo $str;
}
function go_random_blacksite() {
$result = getAllBlacksite();
// random un peu porc pour les fake sites.
$cpt = 0;
while ($blacksite = mysql_fetch_array($result)) {
$cpt++;
$tabsite[$cpt] = $blacksite["blacksite_id"];
}
$randsite = rand (1, $cpt);
$result = getOneBlacksiteById($tabsite[$randsite]);
$blacksite = mysql_fetch_array($result);
echo '<META HTTP-EQUIV="REFRESH" CONTENT="0; URL='.$blacksite["blacksite_adress"].'"> '; // automatique redirection
function dispConnectionFailure() {
$str = '<div id="all_side">';
$str .= '<p>';
$str .= '<strong>L\'authentification</strong> en tant que <em>'.$_GET["fail"].'</em> <strong>&agrave; &eacute;chou&eacute;e</strong>';
$str .= '<br/><small><em>Pour vous connecter au site, vous devez utiliser une connexion SSL!</em></small>';
$str .= '</p>';
$str .= '</div>';
echo $str;
}
?>
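Review bot: `dispConnectionFailure` writes `$_GET["fail"]` straight into the page, and auth_init redirects there with the submitted login as `fail`, so any markup typed into the login field is reflected unescaped (reflected XSS on the failure page). Replace the interpolation with `htmlspecialchars($_GET["fail"], ENT_QUOTES, 'UTF-8')`. The new `dispConnectionDisconnect` likewise interpolates `$user["user_pseudo"]` and `$user["user_login"]` from the database without escaping; apply `htmlspecialchars` there too so a crafted pseudo cannot inject markup. Neither the login nor the logout form carries an anti-CSRF token, so a third-party page can submit `disconnect` or `connect` on a visitor's behalf with a POST to `/`; a per-session token in the forms, verified in auth_init, would close that.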
<?php
// This file must be copied in db.php and set correct values
$db_host = "";
$db_user = "";
$db_pass = "";
$db_name = ";
$db = mysql_connect($db_host, $db_user, $db_pass)
or die("<font color=red>can't connect</font>");
mysql_select_db($db_name, $db)
or die("<font color=red>can't find database</font>");
?>
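Review bot: As rendered, `$db_name = ";` is an unterminated string literal, so copying this template to db.php as the comment instructs yields a parse error; it should read `$db_name = "";`. The commit message says the connection charset was fixed, but this template sets none — `mysql_real_escape_string`, which the sql functions rely on, is only safe when the connection charset matches the data, so call `mysql_set_charset('utf8', $db);` right after `mysql_connect` unless that is done elsewhere. The removed include/db_connect.php carried what looks like a real database password; deleting it from the tree does not remove it from history, so that credential should be rotated.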
<?
// This file must be copied in db_connect.php and set correct values
$localhost = "localhost";
$user = "eptv";
$password = "Moovu6chi3";
$bdd_name = "eptv_fr";
$db = mysql_connect($localhost, $user, $password)
or DIE("<font color=red>can't connect</font>");
mysql_select_db($bdd_name, $db)
or DIE("<font color=red>can't find database</font>");
?>
<?php
################################
########## SQL NEWS ########
################################
function getOneNews($news_id) {
$news_id = mysql_real_escape_string($news_id);
$query = "select * from $DB.news_db WHERE news_id = '$news_id'";
return mysql_query($query);
}
function getLastNews($tendu) {
$tendu = mysql_real_escape_string($tendu);
$query = "SELECT * FROM $DB.news_db INNER JOIN $DB.users_db ON news_db.news_user_id = users_db.user_id WHERE news_tendu<='$tendu' ORDER BY news_date desc, news_time desc";
return mysql_query($query);
}
################################
########## SQL EDITO ########
################################
function getOneEdito($edito_id) {
$edito_id = mysql_real_escape_string($edito_id);
$query = "select * from $DB.editos_db WHERE edito_id = '$edito_id'";
return mysql_query($query);
}
function getLastEdito() {
$query = "select * from $DB.editos_db ORDER BY edito_date DESC";
return mysql_query($query);
}
function getAllEdito() {
$query = "select * from $DB.editos_db ORDER BY edito_date DESC";
return mysql_query($query);
}
################################
########## SQL VIDEOS ########
################################
function getOneVideo($vid_id){
$vid_id = mysql_real_escape_string($vid_id);
$query = "select * from $DB.videos_db WHERE video_id = '$vid_id'";
return mysql_query($query);
}
function getAllVideos() {
$query = "select * from $DB.videos_db ORDER BY video_date desc, video_time desc";
return mysql_query($query);
}
function getLastVideos() {
$query = "select * from $DB.videos_db ORDER BY video_id desc";
return mysql_query($query);
}
function getVideosByType($type) {
$type = mysql_real_escape_string($type);
$query = "select * from $DB.videos_db WHERE video_type='$type' ORDER BY video_date desc";
return mysql_query($query);
}
function getVideosByYearAndTypeAndTendu($year, $type, $tendu) {
$year = mysql_real_escape_string($year);
$type = mysql_real_escape_string($type);
$tendu = mysql_real_escape_string($tendu);
if ($year == 0)
$query = "select * from $DB.videos_db
WHERE video_type='$type' AND video_tendu<='$tendu' AND YEAR(video_date)<='2000'
ORDER BY video_date desc";
else
$query = "select * from $DB.videos_db
WHERE video_type='$type' AND video_tendu<='$tendu' AND YEAR(video_date)='$year'
ORDER BY video_date desc";
return mysql_query($query);
}
function getLastVideosByTendu($tendu) {
$tendu = mysql_real_escape_string($tendu);
$query = "select * from $DB.videos_db WHERE video_tendu<='$tendu' ORDER BY video_id desc";
return mysql_query($query);
}
##################################
########## SQL CONTACTS ########
##################################
function getAssoInfos() {
$query = "select * from $DB.asso_db";
return mysql_query($query);
}
function getOneLinkById($id) {
$id = mysql_real_escape_string($id);
$query = "select * from $DB.links_db WHERE link_id='$id'";
return mysql_query($query);
}
function getAllLinks() {
$query = "select * from $DB.links_db";
return mysql_query($query);
}
###############################
########## SQL USERS ########
###############################
function getOneUserByName($login) {
$login = mysql_real_escape_string($login);
$query = "select * from $DB.users_db WHERE user_login='$login'";
return mysql_query($query);
}
function getOneUserByPseudo($pseudo) {
$pseudo = mysql_real_escape_string($pseudo);
$query = "select * from $DB.users_db WHERE user_pseudo='$pseudo'";
return mysql_query($query);
}
function getOneUserById($id) {
$id = mysql_real_escape_string($id);
$query = "select * from $DB.users_db WHERE user_id='$id'";
return mysql_query($query);
}
function getAllUsers() {
$query = "select * from $DB.users_db WHERE user_right < 7 ORDER BY user_right desc";
return mysql_query($query);
}
function getUsersByStatut($statut) {
$statut = mysql_real_escape_string($statut);
$query = "SELECT * FROM $DB.users_db WHERE user_statut='$statut' ORDER BY user_right desc";
return mysql_query($query);
}
################################
########## SQL MEMBERS ########
################################
function getAllMembers() {
$query = "select * from $DB.users_db WHERE user_right >= 7";
return mysql_query($query);
}
function getAnExistingStatut($statut) {
$statut = mysql_real_escape_string($statut);
$query = "select * from $DB.users_db WHERE user_statut = '$statut'";
return mysql_query($query);
}
####################################
########## SQL Blacklist ########
####################################
function getOneBlacklistById($id) {
$id = mysql_real_escape_string($id);
$query = "select * from $DB.blacklist_db WHERE blacklist_id='$id'";
return mysql_query($query);
}
function getOneBlacklistByLogin($login) {
$login = mysql_real_escape_string($login);
$query = "select * from $DB.blacklist_db WHERE blacklist_login='$login'";
return mysql_query($query);
}
function getAllBlacklist() {
$query = "select * from $DB.blacklist_db";
return mysql_query($query);
}
function getAllBlacksite() {
$query = "select * from $DB.blacksites_db";
return mysql_query($query);
}
function getOneBlacksiteById($id) {
$id = mysql_real_escape_string($id);
$query = "select * from $DB.blacksites_db WHERE blacksite_id='$id'";
return mysql_query($query);
}
?>
\ No newline at end of file
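Review bot: Every query prefixes its table with `$DB`, but no function declares `global $DB`, so inside function scope the variable is undefined and the SQL actually sent is of the form `select * from .news_db` — this presumably only works because MySQL accepts a leading `.` as "current database". Either add `global $DB;` to each function (or pass the name in) so the prefix does what it appears to, or drop it and rely on `mysql_select_db`. The escaping is correct for these single-quoted string contexts provided the connection charset is set with `mysql_set_charset`, which this file cannot show. The `getOne…` functions run unbounded SELECTs; appending `LIMIT 1` would make the single-row intent explicit and match the one `mysql_fetch_array` their callers do.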
......@@ -6,7 +6,7 @@ function dispHome() {
$str .= '</div>';
$str .= '<div id="left_side">
<div id="newsbox">
<h1><img alt="" src="images/puce.png" /> <strong>Derni&egrave;res actualit&eacute;s</strong></h1>
<h1><img alt="" src="images/puce.png" />&nbsp;<strong>Derni&egrave;res actualit&eacute;s</strong>&nbsp;<a type="application/rss+xml" href="?rss=News"><img alt="Flux RSS Actuali&eacute;s" src="images/rss.png" height="14px" /></a></h1>
<ul>';
$str .=dispNewsRows(15);
......@@ -17,7 +17,7 @@ function dispHome() {
<div id="right_side">
<div class="rightbox">
<h1><img alt="" src="images/puce.png" /><strong>Edito</strong></h1>
<h1><img alt="" src="images/puce.png" />&nbsp;<strong>Edito</strong></h1>
';
$str .= dispHomeEdito();
......@@ -25,7 +25,7 @@ function dispHome() {
$str .= '
</div>
<div class="rightbox">
<h1><img alt="" src="images/puce.png" /> <strong>Derni&egrave;res vid&eacute;o</strong></h1>
<h1><img alt="" src="images/puce.png" />&nbsp;<strong>Derni&egrave;res vid&eacute;o</strong>&nbsp;<a type="application/rss+xml" href="?rss=Videos"><img alt="Flux RSS Vid&eacute;os" src="images/rss.png" height="14px" /></a></h1>
';
$str .= dispHomeLastVideos();
......@@ -37,6 +37,8 @@ function dispHTMLHeader() {
echo ' <title>EPTV</title>';
echo ' <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />';
echo ' <link rel="icon" type="image/vnd.microsoft.icon" href="images/eptv.ico" />';
echo ' <link rel="alternate" type="application/rss+xml" href="?rss=News" title="Acutalit&eacute;s" />';
echo ' <link rel="alternate" type="application/rss+xml" href="?rss=Videos" title="Vid&eacute;os" />';
echo ' <style type="text/css" media="screen" title="EPTV Default">';
echo ' @import url(css/default.css);';
echo ' </style>';
......@@ -47,7 +49,6 @@ function dispHTMLHeader() {
// display html body
function dispHTMLBody() {
echo '<body>';
echo ' <basefont face="lucida" />';
// echo ' <div id="main_container">';
echo ' <div id="main_header">';
dispMenu();
<?php
function getRss() {
$tab_rss = array();
$tab_rss["News"] = dispRssChannelNews;
$tab_rss["Videos"] = dispRssChannelVideos;
if (!isset($_GET['rss']) or !array_key_exists($_GET['rss'], $tab_rss))
die("Flux RSS introuvable!");
header('Content-type: application/rss+xml; charset=utf-8');
echo '<?xml version="1.0" encoding="utf-8" ?>';
echo '<rss version="2.0">';
$tab_rss[$_GET['rss']]();
echo '</rss>';
}
function dispRssChannelNews() {
$str = '<channel>';
$str .= '<title>Actualités EPTV</title>';
$str .= '<link>http://www.eptv.fr/?html=News</link>';
$str .= '<description>L\'actualités d\'EPTV</description>';
$str .= '<language>fr</language>';
$str .= '<copyright>EPTV</copyright>';
$result = getLastNews(0);
if (mysql_num_rows($result))
while ($news = mysql_fetch_array($result)) {
$str .= '<item>';
$str .= '<title>'.htmlspecialchars(strip_tags($news["news_title"])).'</title>';
$str .= '<description>'.htmlspecialchars(strip_tags($news["news_comment"])).'</description>';
$str .= '<pubDate>'.htmlspecialchars(date("r", strtotime($news["news_date"]))).'</pubDate>';
$str .= '</item>';
}
$str .= '</channel>';
echo $str;
}
function dispRssChannelVideos() {
$str = '<channel>';
$str .= '<title>Vidéos EPTV</title>';
$str .= '<link>http://www.eptv.fr/?html=Videos</link>';
$str .= '<description>Le flux des vidéos d\'EPTV</description>';
$str .= '<language>fr</language>';
$str .= '<copyright>EPTV</copyright>';
$result = getLastVideosByTendu(0);
if (mysql_num_rows($result))
while ($video = mysql_fetch_array($result)) {
$str .= '<item>';
$str .= '<title>'.htmlspecialchars(strip_tags($video["video_name"])).'</title>';
$str .= '<description>'.htmlspecialchars(strip_tags($video["video_comment"])).'</description>';
$str .= '<pubDate>'.htmlspecialchars(date("r", strtotime($video["video_date"]))).'</pubDate>';
$str .= '</item>';
}
$str .= '</channel>';
echo $str;
}
?>
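Review bot: `$tab_rss["News"] = dispRssChannelNews;` and the `Videos` line assign bare identifiers; PHP resolves an undefined constant to its own name only with a notice, and raises an error from PHP 8 on, so quote them: `$tab_rss["News"] = 'dispRssChannelNews';`. The dispatch `$tab_rss[$_GET['rss']]()` is safe as written because `array_key_exists` restricts the key to the two entries first — keep that check ahead of any future entries rather than calling a user-supplied name. The not-found branch `die()`s with a 200 status; sending `header('HTTP/1.0 404 Not Found');` before the message would let feed readers tell a bad feed name from a working feed.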
<script language="JavaScript">
<!--
function popup_video_dailymotion(url) {
window.open(url, '', 'width=510,height=418,toolbar=no,directories=no,status=no,menubar=no,location=no,scrollbars=no,resizable=yes');
}
-->
<script type="text/javascript">
function popup_video_dailymotion(url) {
window.open(url, '', 'width=510,height=418,toolbar=no,directories=no,status=no,menubar=no,location=no,scrollbars=no,resizable=yes');
}
</script>
......@@ -2,11 +2,12 @@
session_start();
// include all stuff
include_once "include/db_connect.php";
include_once "include/functions_sql.php";
include_once "include/global.php";
include_once "include/sql.php";
include_once "include/auth.php";
include_once "include/functions_www.php";
include_once "include/functions_display.php";
include_once "include/global.php";
include_once "include/rss.php";
include_once "include/html.php";
include_once "include/menu.php";
include_once "include/footer.php";
......@@ -19,32 +20,13 @@ include_once "include/contacts.php";
include_once "include/dailymotion.php";
include_once "include/admin_home.php";
// define user right and id if new session
if (!$_SESSION["user_id"] or !$_SESSION["user_right"]) {
$_SESSION["user_id"] = 0;
$_SESSION["user_right"] = 0;
}