';
dispMenu();
diff --git a/include/rss.php b/include/rss.php
new file mode 100644
index 0000000000000000000000000000000000000000..22a5dbedbbe62fd6c92ce028553aeac8a1cc7c37
--- /dev/null
+++ b/include/rss.php
@@ -0,0 +1,57 @@
+';
+ echo '
';
+ $tab_rss[$_GET['rss']]();
+ echo ' ';
+ }
+
+function dispRssChannelNews() {
+ $str = '
';
+ $str .= 'Actualités EPTV ';
+ $str .= ' http://www.eptv.fr/?html=News';
+ $str .= 'L\'actualités d\'EPTV ';
+ $str .= 'fr ';
+ $str .= 'EPTV ';
+ $result = getLastNews(0);
+ if (mysql_num_rows($result))
+ while ($news = mysql_fetch_array($result)) {
+ $str .= '- ';
+ $str .= '
'.htmlspecialchars(strip_tags($news["news_title"])).' ';
+ $str .= ''.htmlspecialchars(strip_tags($news["news_comment"])).' ';
+ $str .= ''.htmlspecialchars(date("r", strtotime($news["news_date"]))).' ';
+ $str .= ' ';
+ }
+ $str .= ' ';
+ echo $str;
+}
+
+function dispRssChannelVideos() {
+ $str = '
';
+ $str .= 'Vidéos EPTV ';
+ $str .= ' http://www.eptv.fr/?html=Videos';
+ $str .= 'Le flux des vidéos d\'EPTV ';
+ $str .= 'fr ';
+ $str .= 'EPTV ';
+ $result = getLastVideosByTendu(0);
+ if (mysql_num_rows($result))
+ while ($video = mysql_fetch_array($result)) {
+ $str .= '- ';
+ $str .= '
'.htmlspecialchars(strip_tags($video["video_name"])).' ';
+ $str .= ''.htmlspecialchars(strip_tags($video["video_comment"])).' ';
+ $str .= ''.htmlspecialchars(date("r", strtotime($video["video_date"]))).' ';
+ $str .= ' ';
+ }
+ $str .= ' ';
+ echo $str;
+}
+?>
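Review bot: The dispatch `$tab_rss[$_GET['rss']]();` calls whatever the lookup returns without checking that the request value is a key of `$tab_rss`, so an unknown `rss` value yields null and the call stops the request with a fatal error after the first `echo` has already sent output. Guard it before anything is emitted, for example `if (!isset($_GET['rss'], $tab_rss[$_GET['rss']])) return;`, and keep `$tab_rss` a fixed literal map so the request can only select a listed function. The definition of `$tab_rss` and the opening of this function are not readable in the hunk as shown, so this assumes the table is the only source of callable names. Both channel builders also pass the query result straight to `mysql_num_rows()`, which warns when the query failed and returned false; test `$result` first.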
diff --git a/include/script.js b/include/script.js
index 6d72fd152f67b4f1858d32522db6e2e41102970f..b54602816357780ba4d32c13f78ce984f91e3846 100644
--- a/include/script.js
+++ b/include/script.js
@@ -1,7 +1,5 @@
-
diff --git a/include/functions_sql_admin.php b/include/sql.php
similarity index 73%
rename from include/functions_sql_admin.php
rename to include/sql.php
index fc5fcf8fe27ff55b53f087ca269c416da65d7917..a0f9934fb77fe68aa788d562099550985d5cc54e 100644
--- a/include/functions_sql_admin.php
+++ b/include/sql.php
@@ -1,102 +1,200 @@
-
+can't connect");
+ mysql_select_db($db_name, $db) or die("
can't find database ");
+ mysql_set_charset("utf8", $db);
+}
-include "include/db_connect.php";
+################################
+########## SQL NEWS ########
+################################
+function getOneNews($news_id) {
+ $news_id = mysql_real_escape_string($news_id);
+ $query = "select * from $DB.news_db WHERE news_id = '$news_id'";
+ return mysql_query($query);
+}
-#######################################################
-#################### PHOTOS ######################
-#######################################################
+function getLastNews($tendu) {
+ $tendu = mysql_real_escape_string($tendu);
+ $query = "SELECT * FROM $DB.news_db INNER JOIN $DB.users_db ON news_db.news_user_id = users_db.user_id WHERE news_tendu<='$tendu' ORDER BY news_date desc, news_time desc";
+ return mysql_query($query);
+}
+################################
+########## SQL EDITO ########
+################################
+function getOneEdito($edito_id) {
+ $edito_id = mysql_real_escape_string($edito_id);
+ $query = "select * from $DB.editos_db WHERE edito_id = '$edito_id'";
+ return mysql_query($query);
+}
-function adminAddPhoto(){
+function getLastEdito() {
+ $query = "select * from $DB.editos_db ORDER BY edito_date DESC";
+ return mysql_query($query);
+}
- $name = $_POST['photo_get_name'];
- $path = $_POST['photo_get_path'];
- $tar = $_POST['photo_img_path'];
- $size = $_POST['photo_get_size'];
- $date = $_POST['photo_get_date'];
- $time = get_time();
- $type = $_POST['photo_type'];
- $comment = $_POST['photo_comment'];
- $tendu = $_POST['photo_tendu'];
+function getAllEdito() {
+ $query = "select * from $DB.editos_db ORDER BY edito_date DESC";
+ return mysql_query($query);
+}
- $id_user = $_SESSION["user_id"];
+################################
+########## SQL VIDEOS ########
+################################
- $query = " INSERT INTO `photos_db` ";
- $query .= "( `photo_id`, `photo_name`, `photo_path`, `photo_size`, `photo_date`,
- `photo_time`, `photo_type`, `photo_comment`, `photo_tendu`, `photo_img_path`, `photo_user_id`) ";
+function getOneVideo($vid_id){
+ $vid_id = mysql_real_escape_string($vid_id);
+ $query = "select * from $DB.videos_db WHERE video_id = '$vid_id'";
+ return mysql_query($query);
+}
- $query .= "VALUES ( '', '$name', '$path' , '$size', '$date',
- '$time', '$type', '$comment', '$tendu', NULL, '$id_user') ";
- mysql_query($query)
- or die("Add photo Query failed");
+function getAllVideos() {
+ $query = "select * from $DB.videos_db ORDER BY video_date desc, video_time desc";
+ return mysql_query($query);
+}
+function getLastVideos() {
+ $query = "select * from $DB.videos_db ORDER BY video_id desc";
+ return mysql_query($query);
+}
-$auto_news = $_POST['auto_www_news'];
+function getVideosByType($type) {
+ $type = mysql_real_escape_string($type);
+ $query = "select * from $DB.videos_db WHERE video_type='$type' ORDER BY video_date desc";
+ return mysql_query($query);
+}
-if ($auto_news)
-{
- $title = 'Nouvel Album Photo: '.$name;
+function getVideosByYearAndTypeAndTendu($year, $type, $tendu) {
+ $year = mysql_real_escape_string($year);
+ $type = mysql_real_escape_string($type);
+ $tendu = mysql_real_escape_string($tendu);
+ if ($year == 0)
+ $query = "select * from $DB.videos_db
+ WHERE video_type='$type' AND video_tendu<='$tendu' AND YEAR(video_date)<='2000'
+ ORDER BY video_date desc";
+ else
+ $query = "select * from $DB.videos_db
+ WHERE video_type='$type' AND video_tendu<='$tendu' AND YEAR(video_date)='$year'
+ ORDER BY video_date desc";
+ return mysql_query($query);
+}
- $query = " INSERT INTO `news_db` ";
- $query .= "( `news_id`, `news_title`, `news_date`, `news_time`, `news_comment`, `news_user_id`, `news_tendu`)";
+function getLastVideosByTendu($tendu) {
+ $tendu = mysql_real_escape_string($tendu);
+ $query = "select * from $DB.videos_db WHERE video_tendu<='$tendu' ORDER BY video_id desc";
+ return mysql_query($query);
+}
- $query .= "VALUES ( '', '$title', '$date', '$time', '$comment', '$id_user', '$tendu') ";
- mysql_query($query)
- or die("Query fucked");
+##################################
+########## SQL CONTACTS ########
+##################################
+
+function getAssoInfos() {
+ $query = "select * from $DB.asso_db";
+ return mysql_query($query);
}
+function getOneLinkById($id) {
+ $id = mysql_real_escape_string($id);
+ $query = "select * from $DB.links_db WHERE link_id='$id'";
+ return mysql_query($query);
+}
-echo '
'; // automatique redirection
+function getAllLinks() {
+ $query = "select * from $DB.links_db";
+ return mysql_query($query);
}
+###############################
+########## SQL USERS ########
+###############################
-function adminModifPhoto(){
+function getOneUserByLogin($login) {
+ $login = mysql_real_escape_string($login);
+ $query = "select * from $DB.users_db WHERE user_login='$login'";
+ return mysql_query($query);
+}
- $name = $_POST['photo_get_upname'];
- $path = $_POST['photo_get_path'];
- $tar = $_POST['photo_img_path'];
- $size = $_POST['photo_get_size'];
- $date = $_POST['photo_get_date'];
- $type = $_POST['photo_get_type'];
- $comment = $_POST['photo_get_comment'];
- $tendu = $_POST['photo_get_tendu'];
+function getOneUserByPseudo($pseudo) {
+ $pseudo = mysql_real_escape_string($pseudo);
+ $query = "select * from $DB.users_db WHERE user_pseudo='$pseudo'";
+ return mysql_query($query);
+}
- $vid_id = $_GET['vid_id'];
+function getOneUserById($id) {
+ $id = mysql_real_escape_string($id);
+ $query = "select * from $DB.users_db WHERE user_id='$id'";
+ return mysql_query($query);
+}
- $query = " UPDATE `photos_db` ";
- $query .= " SET `photo_name` = '$name', `photo_path` = '$path', `photo_date` = '$date', `photo_size` = '$size',
- `photo_time` = 'get_time()', `photo_type` = '$type', `photo_comment` = '$comment', `photo_tendu` = '$tendu' ";
- $query .= " WHERE `photo_id` = '$vid_id' LIMIT 1";
+function getAllUsers() {
+ $query = "select * from $DB.users_db WHERE user_right < 7 ORDER BY user_right desc";
+ return mysql_query($query);
+}
- mysql_query($query)
- or die("Query failed");
+function getUsersByStatut($statut) {
+ $statut = mysql_real_escape_string($statut);
+ $query = "SELECT * FROM $DB.users_db WHERE user_statut='$statut' ORDER BY user_right desc";
+ return mysql_query($query);
+}
+################################
+########## SQL MEMBERS ########
+################################
-echo '
'; // automatique redirection
+function getAllMembers() {
+ $query = "select * from $DB.users_db WHERE user_right >= 7";
+ return mysql_query($query);
+}
+function getAnExistingStatut($statut) {
+ $statut = mysql_real_escape_string($statut);
+ $query = "select * from $DB.users_db WHERE user_statut = '$statut'";
+ return mysql_query($query);
}
- function adminDeletePhoto(){
+####################################
+########## SQL Blacklist ########
+####################################
- $name = $_POST['photo_get_upname'];
- $path = $_POST['file_serveur'];
- $date = $_POST['photo_get_date'];
- $up_date = get_time();
- $vid_id = $_GET['vid_id'];
+function getOneBlacklistById($id) {
+ $id = mysql_real_escape_string($id);
+ $query = "select * from $DB.blacklist_db WHERE blacklist_id='$id'";
+ return mysql_query($query);
+}
- $query = " DELETE FROM `photos_db` ";
- $query .= " WHERE `photo_id` = '$vid_id' LIMIT 1";
+function getOneBlacklistByLogin($login) {
+ $login = mysql_real_escape_string($login);
+ $query = "select * from $DB.blacklist_db WHERE blacklist_login='$login'";
+ return mysql_query($query);
+}
- mysql_query($query)
- or die("Query failed");
+function getAllBlacklist() {
+ $query = "select * from $DB.blacklist_db";
+ return mysql_query($query);
+}
-echo '
'; // automatique redirection
+function getAllBlacksite() {
+ $query = "select * from $DB.blacksites_db";
+ return mysql_query($query);
}
+function getOneBlacksiteById($id) {
+ $id = mysql_real_escape_string($id);
+ $query = "select * from $DB.blacksites_db WHERE blacksite_id='$id'";
+ return mysql_query($query);
+}
+/* FIXME: Check strip under here */
#######################################################
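Review bot: Every new query helper interpolates `$DB` without declaring it, and PHP functions do not see file-level variables, so inside `getOneNews()` and the others `$DB` is undefined and expands to an empty string, making the query text `from .news_db`. Depending on the server, that either fails or silently falls back to the connection's default database instead of the configured one. Add `global $DB;` as the first line of each helper, or pass the name in, assuming `$DB` is set in include/global.php, which is not part of this hunk. `getLastNews()` also runs `SELECT *` across the join with `users_db`, so every news row handed to the RSS builder carries all user columns; name only the news columns and author fields the callers read. The opening of the connection function at the top of the hunk is not readable as shown, so it is not covered here.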
@@ -622,7 +720,7 @@ function adminAddBlacklist(){
mysql_query($query)
or die("Query failed");
-echo '
'; // automatique redirection
+ echo '
'; // automatique redirection
}
@@ -673,7 +771,7 @@ function adminAddBlacksite(){
mysql_query($query)
or die("Query failed");
-echo '
'; // automatique redirection
+ echo '
'; // automatique redirection
}
@@ -690,7 +788,7 @@ function adminModifBlacksite(){
mysql_query($query)
or die("Query failed");
-echo '
'; // automatique redirection
+ echo '
'; // automatique redirection
}
@@ -704,9 +802,7 @@ function adminDelBlacksite(){
mysql_query($query)
or die("Query failed");
-echo '
'; // automatique redirection
+ echo '
'; // automatique redirection
}
-
-
?>
\ No newline at end of file
diff --git a/index.php b/index.php
index 1380e74f557f1a6538f0df3cd760a120cf42e78b..ca3fc7c7e2f9d4e0d4487bc6a463ac5832a5cffc 100644
--- a/index.php
+++ b/index.php
@@ -2,11 +2,12 @@
session_start();
// include all stuff
-include_once "include/db_connect.php";
-include_once "include/functions_sql.php";
+include_once "include/global.php";
+include_once "include/sql.php";
+include_once "include/auth.php";
include_once "include/functions_www.php";
include_once "include/functions_display.php";
-include_once "include/global.php";
+include_once "include/rss.php";
include_once "include/html.php";
include_once "include/menu.php";
include_once "include/footer.php";
@@ -19,32 +20,13 @@ include_once "include/contacts.php";
include_once "include/dailymotion.php";
include_once "include/admin_home.php";
-// define user right and id if new session
-if (!$_SESSION["user_id"] or !$_SESSION["user_right"]) {
- $_SESSION["user_id"] = 0;
- $_SESSION["user_right"] = 0;
- }
-
-// if user is blacklisted redirect it
-if ($_SESSION["user_right"] == -1) {
- go_random_blacksite();
- return;
- }
-
-// No logged user is allowed without https!
-if ($_SERVER['HTTPS'] != "on" && $_SESSION["user_id"] > 0)
- userDisconnect();
-
-// Authentification process
-if ($_GET['connect']) {
- $connect_tv = $_GET['connect'];
- if ($connect_tv == 1)
- checkUser($_POST['user_login'], $_POST['user_pass']);
- else if ($connect_tv == -1)
- userDisconnect();
- }
-
-// Download video
+// initinialize db connections
+sql_init();
+
+// initialize auth system
+auth_init();
+
+// Video download
if ($_GET['video'])
return getVideo();
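Review bot: The checks removed here (default `user_id`/`user_right`, blacklist redirect, forced disconnect of a logged-in session on plain HTTP) now depend entirely on `auth_init()`, and a `return` inside that function cannot stop index.php the way the old top-level `return;` after `go_random_blacksite()` did. include/auth.php is not in the visible part of this diff, so confirm that it ends the request itself for a blacklisted session. Otherwise have it report the outcome and check it here, e.g. `if (auth_init() === false) return;`. The comment above the call could also name what it enforces, e.g. `// auth: default rights, blacklist redirect, HTTPS-only sessions, login/logout`.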
@@ -52,6 +34,10 @@ if ($_GET['video'])
if ($_GET['dailymotion'])
return getDailymotion();
+// Get an rss stream
+if ($_GET['rss'])
+ return getRss();
+
// Display section
getHtml();
?>