<?php
session_start();
?>

<?php
//if cookie IS set
if (isset($_COOKIE['visitor'])){
  $loggedin = $_COOKIE['visitor'];
  $_SESSION['user'] = $loggedin;
  include("loggedin.inc.php");
}
else{
$host="localhost";
$username="";
$password="";
$db="";
$tbl="";

//======================
$con=mysql_connect("$host", "$username", "$password")or die("cannot connect server" . mysql_error());
mysql_select_db("$db", $con)or die("cannot select $db" . mysql_error());

//======================
include("functions.inc.php");
$scname=char_check(trim($_POST['scname']));
$pass=char_check(trim($_POST['pass']));

$loginError = "Login Erorr!";
$register = "<a href='../acctindex.php'><span>Register</span></a>";

  if (!isset($_POST['submit'])){  //form has not been submitted
    echo "<h1><span>Login</span></h1>
    <form name='login' method='post' action='". $_SERVER['PHP_SELF'] ."'>
    <input type='text' name='scname' value='". htmlentities($scname,ENT_QUOTES)."' maxlength='25'  minimum='8' />
    <input type='password' name='pass' value='". htmlentities($pass,ENT_QUOTES) ."' maxlength='25'  minimum='8' />
    <input type='submit' value='Login' class='button' name='submit' />
    </form><br />
    $register";
  }
  else{  //if screen name or password was not entered into the form
    if (strlen($scname)<=0 || strlen($pass)<=0){
      echo "<h1><span>Login</span></h1>
      <form name='login' method='post' action='". $_SERVER['PHP_SELF'] ."'>
      <input type='text' name='scname' value='". htmlentities($scname,ENT_QUOTES)."' maxlength='25'  minimum='8' />
      <input type='password' name='pass' value='". htmlentities($pass,ENT_QUOTES) ."' maxlength='25'  minimum='8' />
      <input type='submit' value='Login' class='button' name='submit' />
      </form><br />
      $register";
    }
    else{ //connect to db
      mysql_select_db("$db", $con)or die("cannot select $db" . mysql_error());
      $sql=mysql_query("Select password FROM $tbl WHERE scname='$scname'");


        if (mysql_num_rows($sql)==0){  //if screen name doesnt exist
          echo "<h1><span>Login</span></h1>
         <form name='login' method='post' action='". $_SERVER['PHP_SELF'] ."'>
          <input type='text' name='scname' value='". htmlentities($scname,ENT_QUOTES)."' maxlength='25'  minimum='8' />
          <input type='password' name='pass' value='". htmlentities($pass,ENT_QUOTES) ."' maxlength='25'  minimum='8' />
          <input type='submit' value='Login' class='button' name='submit' />
          </form><br />
          $register";
        }
        else{ // Incorrect password
          while($login=mysql_fetch_array($sql)){
            if (!$pass == $login['password']){
              echo "<h1><span>Login</span></h1>
              <form name='login' method='post' action='". $_SERVER['PHP_SELF'] ."'>
              <input type='text' name='scname' value='". htmlentities($scname,ENT_QUOTES)."' maxlength='25'  minimum='8' />
              <input type='password' name='pass' value='". htmlentities($pass,ENT_QUOTES) ."' maxlength='25'  minimum='8' />
              <input type='submit' value='Login' class='button' name='submit' />
              </form><br />
              $register";
            }
            else{ //create cookie
              $expires = mktime()+(86400*30);
              $domain = "www.iEroticX.com";
              $login = $scname;
/*line 86 */  setcookie("visitor", $login, $expires, "/", $domain);
              echo $_SERVER['PHP_SELF'];
            }
          }
        }
    }
  }
}
?>

<?php
print "
<h1><span>Logged In As</span></h1>";
    echo $loggedin;
?>

<?php
// ++++++++++ allowed upload extentions ++++++++++
function isAllowedExtension($fileName) {
  $allowedExtensions = array("bmp", "gif", "jpg", "jpeg", "pjpeg", "png");
  return in_array(end(explode(".", $fileName)), $allowedExtensions);
}

// ++++++ deletes the users old pic from the directory folder ++++++
function deletePic($var){
  if($var !== "bright.jpg"){
      if($dir=opendir(getcwd())){
        while(($files = readdir($dir)) !== false){
            if($files == $var){
                unlink($var);
            }
        }
      }
     closedir($dir);
  }
}

// ++++ remove illegal characters from s/n & p/w ++++
function char_check($var){
$illegal = array("~", "`", "!", "@", "#", "$", "%", "^", "&", "*", "(", ")", "{", "}", "[", "]", ";", ":", "\'", "\'", ",", "<", ">", "?", "/", "\\", " ");
$var=str_replace($illegal, "", "$var");
return $var;
}

// +++++  encodes special characters ++++
function replace_chars($var){
$illegal=array( "'", ",",  "\"", "<", ">", "/", "~", ",", "|", "!", "$", "%", "(", ")", "*", "+", "-", "/", "=", "?", "@", "[", "\\", "]", "^", "_", "`", "{", "|", "}", ":", "…", "“", "”", "•", "™", "€", "‚", "ƒ", "„", "†", "‡", "ˆ", "‰", "Š", "‹", "Œ", "Ž", "‘", "‘", "–", "—", "˜", "š", "›", "œ", "ž", "Ÿ", "¡", "¢", "£", "¤", "¥", "¦", "§", "¨", "©", "ª", "«", "¬", "®", "¯", "°", "±", "²", "³", "´", "µ", "¶", "·", "¸", "¹", "º", "»", "¼", "½", "¾", "¿", "À", "Á", "Â", "Ã", "Ä", "Å", "Æ", "Ç", "È", "É", "Ê", "Ë", "Ì", "Í", "Î", "Ï", "Ð", "Ñ", "Ò", "Ó", "Ô", "Õ", "Ö", "×", "Ø", "Ù", "Ú", "Û", "Ü", "Ý", "Þ", "ß", "à", "á", "â", "ã", "ä", "å", "æ", "ç", "è", "é", "ê", "ë", "ì", "í", "î", "ï", "ð", "ñ", "ò", "ó", "ô", "õ", "ö", "÷", "ø", "ù", "ú", "û", "ü", "ý", "þ", "ÿ");
$replace=array("'", ",", """, "<", ">",  "⁄", "˜","‚", "¦", "!", "$", "%", "(", ")", "*", "+","-", "/", "=", "?", "@", "[", "\", "]", "^", "_", "`", "{", "|", "}", ":", "…", "“", "”", "•", "™", "€", "‚", "ƒ", "„", "†", "‡", "ˆ", "‰", "Š", "‹", "Œ", "Ž", "‘", "’", "–", "—", "˜", "š", "›", "œ", "ž", "Ÿ", "¡", "¢", "£", "¤", "¥", "¦", "§", "¨", "©", "ª", "«", "¬", "®", "¯", "°", "±", "²", "³", "´", "µ", "¶", "·", "¸", "¹", "º", "»", "¼", "½", "¾", "¿", "À", "Á", "Â", "Ã", "Ä", "Å", "Æ", "Ç", "È", "É", "Ê", "Ë", "Ì", "Í", "Î", "Ï", "Ð", "Ñ", "Ò", "Ó", "Ô", "Õ", "Ö", "×", "Ø", "Ù", "Ú", "Û", "Ü", "Ý", "Þ", "ß", "à", "á", "â", "ã", "ä", "å", "æ", "ç", "è", "é", "ê", "ë", "ì", "í", "î", "ï", "ð", "ñ", "ò", "ó", "ô", "õ", "ö", "÷", "ø", "ù", "ú", "û", "ü", "ý", "þ", "ÿ");
$var=str_replace($illegal, $replace, "$var");
return $var;
}

// +++++++++++check cdate++++++++++++++
function copy_check($var){
    if(!is_numeric($var) || strlen($var)>4 || strlen($var)<4 || $var>2009){
    $var=str_replace($var, "2009", "$var");
    return $var;
    }
    else{
    return $var;
    }
}

// +++++++++ date & time ++++++++++
$postDate=date("m-d-y");
$comDate=date("D. m/d/y h:i a");

// +++++ Random Generator Letters & Numbers +++++
function assign_random_value($num)
{
// accepts 1 - 36
  switch($num)
  {
    case "1":
     $rand_value = "A";
    break;
    case "2":
     $rand_value = "B";
    break;
    case "3":
     $rand_value = "C";
    break;
    case "4":
     $rand_value = "D";
    break;
    case "5":
     $rand_value = "E";
    break;
    case "6":
     $rand_value = "F";
    break;
    case "7":
     $rand_value = "G";
    break;
    case "8":
     $rand_value = "H";
    break;
    case "9":
     $rand_value = "I";
    break;
    case "10":
     $rand_value = "J";
    break;
    case "11":
     $rand_value = "K";
    break;
    case "12":
     $rand_value = "L";
    break;
    case "13":
     $rand_value = "M";
    break;
    case "14":
     $rand_value = "N";
    break;
    case "15":
     $rand_value = "O";
    break;
    case "16":
     $rand_value = "P";
    break;
    case "17":
     $rand_value = "Q";
    break;
    case "18":
     $rand_value = "R";
    break;
    case "19":
     $rand_value = "S";
    break;
    case "20":
     $rand_value = "T";
    break;
    case "21":
     $rand_value = "U";
    break;
    case "22":
     $rand_value = "V";
    break;
    case "23":
     $rand_value = "W";
    break;
    case "24":
     $rand_value = "X";
    break;
    case "25":
     $rand_value = "Y";
    break;
    case "26":
     $rand_value = "Z";
    break;
    case "27":
     $rand_value = "0";
    break;
    case "28":
     $rand_value = "1";
    break;
    case "29":
     $rand_value = "2";
    break;
    case "30":
     $rand_value = "3";
    break;
    case "31":
     $rand_value = "4";
    break;
    case "32":
     $rand_value = "5";
    break;
    case "33":
     $rand_value = "6";
    break;
    case "34":
     $rand_value = "7";
    break;
    case "35":
     $rand_value = "8";
    break;
    case "36":
     $rand_value = "9";
    break;
  }
return $rand_value;
}

function get_rand_id($length)
{
  if($length>0)
  {
  $rand_id="";
   for($i=1; $i<=$length; $i++)
   {
   mt_srand((double)microtime() * 1000000);
   $num = mt_rand(1,36);
   $rand_id .= assign_random_value($num);
   }
  }
return $rand_id;
}

// ++++++++++ hitcounter ++++++++++
function hitcounter($num){
    $var=$num+1;
    return $var;
}

// +++++++ Limit Comment Size +++++++
function limitComm($var){
    if(strlen($var)>400){
    $var=substr_replace($var, "", 400);
    }
    return $var;
}

// +++++ Random Number Generator +++++
function assign_random_number($num)
{
// accepts 1 - 36
  switch($num)
  {
    case "1":
     $rand_value = "1";
    break;
    case "2":
     $rand_value = "2";
    break;
    case "3":
     $rand_value = "3";
    break;
    case "4":
     $rand_value = "4";
    break;
    case "5":
     $rand_value = "5";
    break;
    case "6":
     $rand_value = "6";
    break;
    case "7":
     $rand_value = "7";
    break;
    case "8":
     $rand_value = "8";
    break;
    case "9":
     $rand_value = "9";
    break;
    case "10":
     $rand_value = "0";
    break;
  }
return $rand_value;
}

function get_rand_num($length)
{
  if($length>0)
  {
  $rand_num="";
   for($i=1; $i<=$length; $i++)
   {
   mt_srand((double)microtime() * 1000000);
   $num = mt_rand(1,10);
   $rand_num .= assign_random_number($num);
   }
  }
return $rand_num;
}

// +++++ email check +++++
function spamcheck($field){//filter_var() sanitizes the e-mail
   $field=filter_var($field, FILTER_SANITIZE_EMAIL);

//filter_var() validates the e-mail
if(filter_var($field, FILTER_VALIDATE_EMAIL)){
    return TRUE;
  }
  else{
    return FALSE;
  }
}
?>

echo $_SERVER['PHP_SELF'];

<?php
header( 'Location: http://www.iEroticX.com/storyindex.php' );
?>

<?php
    include_once("/home/ieroticx/header.inc.php");

$host="localhost";
$username="";
$password="";
$db="";

$con = mysql_connect("$host", "$username", "$password")or die("cannot connect server" . mysql_error());
mysql_select_db("$db")or die("cannot select $db" . mysql_error());

      print"<h1><span>Top Rated Stories</span></h1>
<ul>";

$tbl2="storycoms";
      $sql=mysql_query("SELECT *, AVG(stars) from $tbl2 GROUP BY unum HAVING AVG(stars)>= 4");

      //top rated story
      while($each=mysql_fetch_array($sql)){
    $check=$each[author];
    $checktbl="accounts";

            $checksql=mysql_query("SELECT * FROM $checktbl WHERE scname='$check'");
            while($chk=mysql_fetch_array($checksql)){
              if($chk[status]== 1){
                print "<li>$each[title] by <a href='/elite/s_elite.php?423413=$each[author]' title='$each[author]'><span class='fatt'>$each[author]</span></a></li>";
              }
              else{
                print "<li><a href=/story/comments.php?1767726108=$each[unum] title='$each[title]</a> by<span class='fatt'> $each[author]</span></li>";
              }
            }
      }

print "</ul>



<h1><span>Whats New From <acronym title='www.iEroticXpressions.com'>IEX's</acronym> Elite</span></h1>";


$tbl8="elite";
  $sql8=mysql_query("SELECT * FROM $tbl8 WHERE type='story' LIMIT 5")or die("cannot select $tbl3" . mysql_error());


print "<ul>";  //new elite story additions
  while($row2=mysql_fetch_array($sql8)){
    print "<li>$row2[title] by <a href='/elite/s_elite.php?423413=$row2[author]' title='$row2[author]'><span class='fatt'>$row2[author]</span></a></li>";
    }

    print "</ul>

<h1><span>Newest Stories by Members</span></h1>";


$tbl3="stories";
  $sql4=mysql_query("SELECT * FROM $tbl3 LIMIT 5")or die("cannot select $tbl3" . mysql_error());


print "<ul>";   //new member story additions
  while($row=mysql_fetch_array($sql4)){
    print "<li><a href='/story/comments.php?1767726108=$row[unum]' title='$row[title]'>$row[title]</a> by <span class='fatt'>$row[author]</span></li>";
    }
    mysql_close($con);
    print "</ul>

<h1><span>A Few Simple Guidelines</span></h1>
  <ul>
      <li>Constructive critism is more than welcomed on <acronym title='www.iEroticXpressions.com'>IEX</acronym>. In fact, say anything you like about any story or poem posted on <acronym title='www.iEroticXpressions.com'>IEX</acronym>.  Your honesty is welcomed by one and all.
      <li><b>BUT</b> personal attacks on the writers are <b>NOT</b> and will <b>NOT</b> be tolerated.  A personal attack <b>WILL</b> result in you being banned immediately.
  </ul>";


print "</div>";

        include_once("/home/ieroticx/menu_st.inc.php");
        include_once("/home/ieroticx/footer.inc.php");
?>