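$v ) eval( "$" . $k . " = \"$v\";" );
/*
 * NOTE(review): the statement above is the tail of a register_globals-style
 * loop (foreach over some request array as $k => $v, then eval) whose head is
 * outside this excerpt. It has to go: (1) $v is spliced into a double-quoted
 * PHP string literal, so unless it was escaped before this point a value that
 * contains a double quote terminates the literal and the rest of the value is
 * executed as PHP code; (2) it lets any request key define any variable in this
 * script, which is how $id, $linkid, $usr, $pss, $data, $linkorder, ... used
 * to be populated. Nothing below relies on it any more: every input is read
 * explicitly through request_param().
 *
 * Other things this rewrite cannot fix from inside this file and that a reader
 * must know about:
 *  - every state change is driven by plain GET/POST parameters with no CSRF
 *    token and the acting account is a bare cookie (see $accountid below);
 *  - FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it is kept so stored
 *    values keep the same shape as before, but it is NOT an SQL escape -- that
 *    is what sql_int()/sql_str()/sql_text() are for.
 */

/**
 * Run a query through the shared $db wrapper (constructed elsewhere).
 * The mysql_* names are kept because this file calls them; they shadow the
 * removed ext/mysql functions, so this file cannot load if that extension is.
 *
 * @param string $query complete SQL; every interpolated value must already
 *                      have gone through sql_int(), sql_str() or sql_text()
 * @return mixed whatever $db->query() returns (a mysqli result, true or false)
 */
function mysql_query( $query ){
    global $db;
    return $db->query( $query );
}

/**
 * Fetch the next row of a result in the wrapper's default mode.
 * This file indexes the rows it gets back by column name.
 *
 * @param mysqli_result $result the mysqli result
 * @return mixed the next row, or a falsy value when the result is exhausted
 */
function mysql_fetch_array( $result ){
    global $db;
    return $db->fetcharray( $result );
}

/**
 * Fetch the next row of a result as a numerically indexed array.
 *
 * @param mysqli_result $result the mysqli result
 * @return mixed the next row, or a falsy value when the result is exhausted
 */
function mysql_fetch_row( $result ){
    global $db;
    return $db->fetcharray( $result, MYSQLI_NUM );
}

/**
 * Auto-increment id generated by the most recent insert on the shared connection.
 *
 * @return mixed whatever $db->insertid() returns
 */
function mysql_insert_id(){
    global $db;
    return $db->insertid();
}

/**
 * Coerce an id / ordinal for unquoted interpolation into SQL.
 * Every id in this script is an integer column; anything else is request
 * tampering and collapses to 0, which matches no row.
 *
 * @param mixed $value raw request value
 * @return int
 */
function sql_int( $value ){
    return (int) $value;
}

/**
 * Escape a value for use inside a double-quoted MySQL string literal.
 *
 * Mirrors mysql_escape_string(): backslash, NUL, LF, CR, both quote characters
 * and Ctrl-Z are backslash-escaped (backslash first, so the escapes it adds are
 * not re-escaped). It is NOT charset-aware, so a multibyte connection charset
 * such as GBK/SJIS could still be abused; if the $db wrapper exposes its mysqli
 * link, prefer mysqli_real_escape_string() or, better, prepared statements.
 *
 * @param mixed $value raw value
 * @return string escaped value, still without the surrounding quotes
 */
function sql_str( $value ){
    $search  = array( "\\",   "\0",  "\n",  "\r",  "'",   "\"",   "\x1a" );
    $replace = array( "\\\\", "\\0", "\\n", "\\r", "\\'", "\\\"", "\\Z"   );
    return str_replace( $search, $replace, (string) $value );
}

/**
 * Prepare free text the way this application stores it: HTML-encoded (the
 * pre-existing convention, which whatever reads these tables presumably relies
 * on -- TODO confirm) and then SQL-escaped. htmlentities() was the only
 * protection before; it leaves backslashes alone, so it is not an SQL escape.
 *
 * @param mixed $value raw value
 * @return string
 */
function sql_text( $value ){
    return sql_str( htmlentities( (string) $value ) );
}

/**
 * Read one request parameter, POST first then GET, through the same
 * FILTER_SANITIZE_STRING filter the original explicit reads used.
 *
 * The parameters that used to arrive through the eval'd globals ($id, $linkid,
 * $usr, $pss, ...) now come from here; the request array they were taken from
 * is not visible in this excerpt, so POST-then-GET is an assumption --
 * TODO confirm against the front-end.
 *
 * @param string $name parameter name
 * @return string|null null when the parameter is absent
 */
function request_param( $name ){
    $value = filter_input( INPUT_POST, $name, FILTER_SANITIZE_STRING );
    if( $value === null || $value === false ){
        $value = filter_input( INPUT_GET, $name, FILTER_SANITIZE_STRING );
    }
    return ( $value === false ) ? null : $value;
}

//* ---- inputs ----------------------------------------------------------------
//* ids and ordinals are integers from here on and are interpolated unquoted;
//* text goes through sql_text()/sql_str() at the query. ($windowindex was read
//* by the original but never used and has been dropped.)
$command          = (string) request_param( 'command' );
$shelfid          = sql_int( request_param( 'shelfid' ) );
$windowid         = sql_int( request_param( 'windowid' ) );
$shelfindex       = sql_int( request_param( 'shelfindex' ) );
$id               = sql_int( request_param( 'id' ) );
$linkid           = sql_int( request_param( 'linkid' ) );
$windowselectedid = sql_int( request_param( 'windowselectedid' ) );
$newwindowid      = sql_int( request_param( 'newwindowid' ) );
$newshelfid       = sql_int( request_param( 'newshelfid' ) );
$order            = sql_int( request_param( 'order' ) );
$url              = (string) request_param( 'url' );
$name             = (string) request_param( 'name' );
$linkorder        = (string) request_param( 'linkorder' );
$data             = (string) request_param( 'data' );
$sharename        = (string) request_param( 'sharename' );
$sharepass        = (string) request_param( 'sharepass' );
$usr              = (string) request_param( 'usr' );
$pss              = (string) request_param( 'pss' );
$email            = (string) request_param( 'email' );
$referrer         = (string) request_param( 'referrer' );
$acc              = (string) request_param( 'acc' );
$language         = (string) request_param( 'language' );
$shelf            = (string) request_param( 'shelf' );
$pass             = (string) request_param( 'pass' );

/*
 * SECURITY: the acting account is whatever the client put in the "accountid"
 * cookie -- nothing in this file ties it to a session or a signature, so any
 * visitor can read, edit and delete another user's shelves by setting that
 * cookie. The login code that should own this is outside this excerpt; until
 * it is replaced by a server-side session lookup, all this script can do is
 * force the value to an integer so it cannot be used for SQL injection too.
 */
$accountid = sql_int( filter_input( INPUT_COOKIE, 'accountid', FILTER_SANITIZE_STRING ) );

//* Every command except account creation and password recovery acts on the
//* cookie's account; without a usable account id there is nothing valid to do
//* (the original built "accountid=" into its SQL and failed every query).
$publicCommands = array( 'createaccount', 'forgotpass' );
if( $accountid <= 0 && !in_array( $command, $publicCommands, true ) ){
    print( "" );
    exit;
}

switch( $command ){

    case "addlink":
        if( $windowid == -1 ){
            //* -1 = "make a new window first": push column 0 down one row and put
            //* an unnamed window at the top. As in the original, the link itself
            //* is NOT inserted on this path -- presumably the front-end calls
            //* addlink again with the new window id. TODO confirm.
            mysql_query( "update linkshelf.window set row=row+1 where shelfid=$shelfid and accountid=$accountid and col=0" );
            mysql_query( "insert into linkshelf.window (shelfid,accountid,col,row,name) values ($shelfid,$accountid,0,0,\"no name\")" );
            $windowid = sql_int( mysql_insert_id() );
        }
        else{
            //* the new link goes below the existing ones: row = current link count
            $count   = mysql_fetch_row( mysql_query( "select count(*) from linkshelf.link where accountid=$accountid and windowid=$windowid" ) );
            $linkrow = $count ? sql_int( $count[0] ) : 0;
            mysql_query( sprintf(
                "insert into linkshelf.link (accountid,windowid,row,url,name) values (%d,%d,%d,\"%s\",\"%s\")",
                $accountid, $windowid, $linkrow, sql_text( $url ), sql_text( $name )
            ) );
        }
        print( "" );
        break;

    case "editlink":
        //* The original spliced $url raw into the format string (the encoded copy
        //* it handed to sprintf was never used); both fields are now stored the
        //* same way addlink stores them.
        mysql_query( sprintf(
            "update linkshelf.link set name=\"%s\", url=\"%s\" where accountid=%d and id=%d",
            sql_text( $name ), sql_text( $url ), $accountid, $id
        ) );
        print( "" );
        break;

    case "renamewindow":
        mysql_query( sprintf(
            "update linkshelf.window set name=\"%s\" where id=%d and accountid=%d",
            sql_text( $name ), $windowid, $accountid
        ) );
        print( "" );
        break;

    case "deletewindow":
        $win = mysql_fetch_array( mysql_query( "select * from linkshelf.window where accountid=$accountid and id=$windowid" ) );
        if( $win ){
            //* close the gap: windows below the deleted one in the same column move up
            $col = sql_int( $win['col'] );
            $pos = sql_int( $win['row'] );
            mysql_query( "update linkshelf.window set row=row-1 where accountid=$accountid and shelfid=$shelfid and col=$col and row>$pos" );
        }
        mysql_query( "delete from linkshelf.window where accountid=$accountid and id=$windowid" );
        mysql_query( "delete from linkshelf.link where accountid=$accountid and windowid=$windowid" );
        print( "" );
        break;

    case "deletelink":
        //* The original looked up the *window* here and compared link rows
        //* against the window's own row, which is not a link position; the
        //* link's window and row are the right threshold (as changelinkwindow
        //* already does).
        $link = mysql_fetch_array( mysql_query( "select * from linkshelf.link where accountid=$accountid and id=$linkid" ) );
        if( $link ){
            $lwin = sql_int( $link['windowid'] );
            $lpos = sql_int( $link['row'] );
            mysql_query( "update linkshelf.link set row=row-1 where accountid=$accountid and windowid=$lwin and row>$lpos" );
        }
        mysql_query( "delete from linkshelf.link where accountid=$accountid and id=$linkid" );
        print( "" );
        break;

    case "addwindow":
        if( $windowselectedid ){
            //* insert in the selected window's slot and push it, and everything
            //* below it in that column, down one row
            $sel = mysql_fetch_array( mysql_query( "select * from linkshelf.window where accountid=$accountid and shelfid=$shelfid and id=$windowselectedid" ) );
            if( !$sel ){
                //* unknown or foreign window: nothing to anchor to (the original's
                //* queries failed on the missing values and inserted nothing either)
                print( "" );
                break;
            }
            $col = sql_int( $sel['col'] );
            $pos = sql_int( $sel['row'] );
            mysql_query( "update linkshelf.window set row=row+1 where accountid=$accountid and shelfid=$shelfid and col=$col and row>=$pos" );
            mysql_query( sprintf(
                "insert into linkshelf.window (name,accountid,shelfid,col,row) values (\"%s\",%d,%d,%d,%d)",
                sql_text( $name ), $accountid, $shelfid, $col, $pos
            ) );
        }
        else{
            //* no anchor: top of column 0
            mysql_query( "update linkshelf.window set row=row+1 where accountid=$accountid and shelfid=$shelfid and col=0" );
            mysql_query( sprintf(
                "insert into linkshelf.window (name,accountid,shelfid,col,row) values (\"%s\",%d,%d,0,0)",
                sql_text( $name ), $accountid, $shelfid
            ) );
        }
        print( "" );
        break;

    case "windowreorder":
        //* $linkorder is a comma-separated list of link ids in their new order
        foreach( explode( ",", $linkorder ) as $pos => $lid ){
            $lid = sql_int( $lid );
            mysql_query( "update linkshelf.link set row=$pos where accountid=$accountid and id=$lid" );
        }
        print( "" );
        break;

    case "storewindoworder":
        //* $data is "id,col,row;id,col,row;..."
        foreach( explode( ";", $data ) as $entry ){
            $d   = array_pad( explode( ",", $entry ), 3, 0 );
            $wid = sql_int( $d[0] );
            $col = sql_int( $d[1] );
            $pos = sql_int( $d[2] );
            mysql_query( "update linkshelf.window set col=$col, row=$pos where accountid=$accountid and id=$wid" );
        }
        print( "" );
        break;

    case "changelinkwindow":
        $link = mysql_fetch_array( mysql_query( "select * from linkshelf.link where accountid=$accountid and id=$linkid" ) );
        if( $link ){
            //* close the gap in the old window ...
            $oldwin = sql_int( $link['windowid'] );
            $lpos   = sql_int( $link['row'] );
            mysql_query( "update linkshelf.link set row=row-1 where accountid=$accountid and windowid=$oldwin and row>$lpos" );
        }
        //* ... then make room at the top of the new one and move the link there
        mysql_query( "update linkshelf.link set row=row+1 where accountid=$accountid and windowid=$newwindowid" );
        mysql_query( "update linkshelf.link set row=0, windowid=$newwindowid where accountid=$accountid and id=$linkid" );
        print( "" );
        break;

    case "changewindowshelf":
        $win = mysql_fetch_array( mysql_query( "select * from linkshelf.window where accountid=$accountid and id=$windowid" ) );
        if( $win ){
            //* close the gap in the old shelf ...
            $oldshelf = sql_int( $win['shelfid'] );
            $pos      = sql_int( $win['row'] );
            mysql_query( "update linkshelf.window set row=row-1 where accountid=$accountid and shelfid=$oldshelf and row>$pos" );
        }
        //* ... then make room at the top of the new one and move the window there
        mysql_query( "update linkshelf.window set row=row+1 where accountid=$accountid and shelfid=$newshelfid" );
        mysql_query( "update linkshelf.window set row=0, shelfid=$newshelfid where accountid=$accountid and id=$windowid" );
        print( "" );
        break;

    case "editshelf":
        //* a share-name must be unique across accounts; if it is taken, report
        //* back and stop
        if( $sharename !== '' ){
            $taken = mysql_fetch_array( mysql_query( sprintf(
                "select * from linkshelf.shelf where sharename=\"%s\" and accountid!=%d",
                sql_text( $sharename ), $accountid
            ) ) );
            if( $taken ){
                print( "" );
                die();
            }
        }
        //* SECURITY: sharepass is stored, and later compared (includeexternal),
        //* in clear text; hashing it means changing that comparison at the same time.
        mysql_query( sprintf(
            "update linkshelf.shelf set name=\"%s\", sharename=\"%s\", sharepass=\"%s\" where accountid=%d and id=%d",
            sql_text( $name ), sql_text( $sharename ), sql_text( $sharepass ), $accountid, $shelfid
        ) );
        print( "" );
        break;

    case "addshelf":
        mysql_query( sprintf(
            "insert into linkshelf.shelf (accountid,ord,name,sharename,sharepass) values (%d,%d,\"%s\",\"%s\",\"%s\")",
            $accountid, $order, sql_text( $name ), sql_text( $sharename ), sql_text( $sharepass )
        ) );
        print( "" );
        break;

    case "deleteshelf":
        //* The original read "update shelf ord=ord-1 ..." -- no SET (a syntax
        //* error) and, unlike every other query here, no schema prefix -- so
        //* the remaining shelves were never re-packed.
        mysql_query( "update linkshelf.shelf set ord=ord-1 where accountid=$accountid and ord>$shelfindex" );
        mysql_query( "delete from linkshelf.shelf where accountid=$accountid and id=$shelfid" );
        //* cascade: every link in every window of this shelf, then the windows
        $windows = mysql_query( "select id from linkshelf.window where accountid=$accountid and shelfid=$shelfid" );
        if( $windows ){
            while( $w = mysql_fetch_array( $windows ) ){
                $wid = sql_int( $w['id'] );
                mysql_query( "delete from linkshelf.link where accountid=$accountid and windowid=$wid" );
            }
        }
        mysql_query( "delete from linkshelf.window where accountid=$accountid and shelfid=$shelfid" );
        print( "" );
        break;

    case "createaccount":
        //* legacy cleanup of an empty external-shelf marker (kept as found)
        mysql_query( "update linkshelf.user set external='' where external=',\"\",\"\"'" );
        if( $usr === '' ){
            print( "" );
            break;
        }
        //* refuse duplicate user names / addresses
        $dup = mysql_query( sprintf(
            "select * from linkshelf.user where name=\"%s\" or email=\"%s\"",
            sql_text( $usr ), sql_text( $email )
        ) );
        if( $dup && mysql_fetch_array( $dup ) ){
            print( "" );
            break;
        }
        //* SECURITY: the password is stored in clear text. It should be
        //* password_hash()ed here, but the login check that reads this column
        //* is outside this file and would have to switch to password_verify()
        //* at the same time -- change both together.
        mysql_query( sprintf(
            "insert into linkshelf.user (name,pass,email,signup,referrer,affiliate) values (\"%s\",\"%s\",\"%s\",now(),\"%s\",\"%s\")",
            sql_text( $usr ), sql_text( $pss ), sql_text( $email ), sql_text( $referrer ), sql_str( $acc )
        ) );
        $accountid = sql_int( mysql_insert_id() );
        mysql_query( "insert into linkshelf.shelf (accountid,ord,name) values ($accountid,0,\"Shelf\")" );
        $shelfid = sql_int( mysql_insert_id() );
        //* (an unused srand(), an unused advertiser query and a large
        //* commented-out manual text were dropped from this branch)

        //* Welcome mail. The password is deliberately no longer echoed into it:
        //* mail is stored and relayed in clear. Only a syntactically valid
        //* address is handed to mail(), which also rules out CR/LF in the To
        //* header. Sending stays best-effort (the "@"), as before: a broken
        //* mailer must not break signup.
        $body  = "Welcome to linkshelf!\nYour username: $usr\n\n";
        $body .= "You can now log on to your links from anywhere in the world by typing http://www.linkshelf.com and entering ";
        $body .= "your username and password. ";
        if( filter_var( $email, FILTER_VALIDATE_EMAIL ) !== false ){
            @mail( $email, "Your linkshelf account", $body, "From: webmaster@linkshelf.com" );
        }
        print( "" );
        break;

    case "editaccount":
        //* language was interpolated raw before; email keeps its HTML encoding
        mysql_query( sprintf(
            "update linkshelf.user set language=\"%s\", email=\"%s\" where id=%d",
            sql_str( $language ), sql_text( $email ), $accountid
        ) );
        print( "" );
        break;

    case "forgotpass":
        if( $name === '' && $email === '' ){
            print( "" );
            die();
        }
        //* match by name when only a name was given, by address when only an
        //* address was given (both given matches nothing -- kept as found)
        $found = mysql_query( sprintf(
            "select * from linkshelf.user where ( \"%s\"=\"\" and name=\"%s\" ) or ( \"%s\"=\"\" and email=\"%s\" )",
            sql_text( $email ), sql_text( $name ), sql_text( $name ), sql_text( $email )
        ) );
        if( $found && mysql_fetch_array( $found ) ){
            //* The account exists. In this copy the code between here and the
            //* alert below -- evidently a mail() call, given the alert's wording,
            //* plus the condition on its result -- has been lost; the original's
            //* braces no longer balance at this point. Until it is restored from
            //* the real source this branch fails closed and shows the alert.
            //* TODO(review): when restoring it, send a single-use reset link,
            //* not the stored password (createaccount keeps it in clear text).
            $sent = false;
            if( $sent ){
                print( "" );
            }
            else{
                print( "alert( \"error in program, mail server is not configured correctly. 
Please contact webmaster@linkshelf.com with your account-name or username to get the information sent manually\" );\n" );
                print( "self.parent.login();\n" );
                print( "" );
            }
        }
        else{
            print( "" );
        }
        break;

    case "includeexternal":
        //* attach another user's shared shelf to this account, by share name + password
        $shelfname = htmlentities( $shelf );
        $shelfpass = htmlentities( $pass );
        //* SECURITY: the share password is compared in clear text inside the
        //* query and then stored, also in clear, in user.external (see editshelf).
        $shared = mysql_fetch_array( mysql_query( sprintf(
            "select * from linkshelf.shelf where sharename=\"%s\" and sharepass=\"%s\"",
            sql_str( $shelfname ), sql_str( $shelfpass )
        ) ) );
        if( !$shared ){
            print( "" );
            break;
        }
        //* the original read "select linkshelf.external from user" (schema and
        //* column names swapped) and then mixed $row[0] with $row['external']
        $user    = mysql_fetch_array( mysql_query( "select external from linkshelf.user where id=$accountid" ) );
        $current = $user ? (string) $user['external'] : '';
        //* external is a flat ',"name","pass",...' list; refuse a second copy
        //* of the same share name. The original printed here but appended the
        //* duplicate anyway; stopping is what its own comment says was intended.
        $parts = explode( ",\"", $current );
        for( $i = 1; $i < count( $parts ); $i += 2 ){
            if( strtolower( $shelfname ) == strtolower( substr( $parts[ $i ], 0, -1 ) ) ){
                print( "" );
                break 2;
            }
        }
        $external = $current . ",\"" . $shelfname . "\",\"" . $shelfpass . "\"";
        mysql_query( sprintf( "update linkshelf.user set external=\"%s\" where id=%d", sql_str( $external ), $accountid ) );
        print( "" );
        break;

    case "unlinkexternal":
        //* see includeexternal for the fixed table/column names
        $user    = mysql_fetch_array( mysql_query( "select external from linkshelf.user where id=$accountid" ) );
        $current = $user ? (string) $user['external'] : '';
        //* rebuild the ',"name","pass",...' list without the entry named $name
        $parts       = explode( ",\"", $current );
        $newexternal = "";
        for( $i = 1; $i < count( $parts ); $i += 2 ){
            $entryname = substr( $parts[ $i ], 0, -1 );
            if( $name != $entryname ){
                $entrypass    = isset( $parts[ $i + 1 ] ) ? substr( $parts[ $i + 1 ], 0, -1 ) : '';
                $newexternal .= sprintf( ",\"%s\",\"%s\"", $entryname, $entrypass );
            }
        }
        mysql_query( sprintf( "update linkshelf.user set external=\"%s\" where id=%d", sql_str( $newexternal ), $accountid ) );
        print( "" );
        break;

    default:
        //* debug echo of the request; the original reflected the raw command and
        //* query string into the page (reflected XSS), so both are now encoded
        $rawcommand  = isset( $_GET['command'] ) ? $_GET['command'] : '';
        $querystring = isset( $_SERVER['QUERY_STRING'] ) ? $_SERVER['QUERY_STRING'] : '';
        printf( "\n\ncommand: %s (%s)\n", htmlspecialchars( $command, ENT_QUOTES ), htmlspecialchars( $rawcommand, ENT_QUOTES ) );
        printf( "environment: %s\n\n", htmlspecialchars( $querystring, ENT_QUOTES ) );
}
?>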