//***************************************************************************// // // // Copyright (c) 2004-2007 Jonathon Freeman // // Copyright (c) 2007 Brian Otto // // All rights reserved. // // // // This program is free software. You may use, modify, and/or redistribute // // it under the terms of the MIT License. // // // //***************************************************************************// // Initialize OvBB. require './includes/init.inc.php'; // Is the user authorized to access the Admin CP? if (!$_SESSION['permissions']['cviewadmincp']) { Unauthorized(); } // What section do they want to view? switch ($_REQUEST['section']) { case 'style': $strSection = $_REQUEST['section']; Style(); case 'skins': $strSection = $_REQUEST['section']; Skins(); case 'forums': $strSection = $_REQUEST['section']; Forums(); case 'attachments': $strSection = $_REQUEST['section']; Attachments();
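/**
 * Validates a poll submitted for a thread and, when it is valid, stores it.
 *
 * The question, choices, multiple-choice flag and timeout are read from
 * $_REQUEST. When validation fails, the list of error messages is returned so
 * the caller can show the form again. Otherwise the thread is checked (it must
 * exist, belong to the current user, be flagged for a poll and not have one
 * yet), the poll row is inserted, the thread and the counters are updated and
 * a confirmation page is sent through Msg().
 *
 * NOTE(review): this changes state from $_REQUEST input and no anti-CSRF token
 * check is visible in this function - confirm one is enforced before it runs.
 *
 * @param int $iThreadID ID of the thread the poll belongs to.
 * @return array Validation error messages; only returned when validation fails.
 */
function ValidatePoll($iThreadID)
{
    global $CFG, $dbConn;

    // The thread ID is interpolated unquoted into every SQL statement below and
    // into the confirmation markup, so force it to an integer here instead of
    // relying on each caller to have done so.
    $iThreadID = (int) $iThreadID;

    $aError = array();
    $strChoices = '';

    // Get the values from the user. Request parameters can arrive as arrays
    // (question[]=...), so anything that is not a string is treated as absent.
    $strQuestion = (isset($_REQUEST['question']) && is_string($_REQUEST['question'])) ? $_REQUEST['question'] : '';
    $aChoices = isset($_REQUEST['choice']) ? (array) $_REQUEST['choice'] : array();
    $bMultipleChoices = (int) !empty($_REQUEST['multiplechoices']);
    $iTimeout = isset($_REQUEST['timeout']) ? (int) $_REQUEST['timeout'] : 0;

    // Question
    if (trim($strQuestion) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a question.';
    } elseif (strlen($strQuestion) > $CFG['maxlen']['pollquestion']) {
        // The question they specified is too long.
        $aError[] = "The question you specified is longer than {$CFG['maxlen']['pollquestion']} characters.";
    }

    // NOTE(review): sanitize() is relied on to escape the value for the quoted
    // SQL literal in the INSERT below; its implementation is not visible here.
    $strQuestion = $dbConn->sanitize($strQuestion);

    // Choices: drop blank and non-string entries, reject over-long ones.
    $aCleanChoices = array();
    foreach ($aChoices as $mChoice) {
        if (!is_string($mChoice)) {
            // Nested arrays (choice[0][]=...) cannot be a valid choice.
            continue;
        }

        $strChoice = trim($mChoice);
        if ($strChoice == '') {
            continue;
        }

        // A choice of exactly the maximum length is allowed, matching both the
        // error message ("longer than") and the question check above.
        if (strlen($strChoice) <= $CFG['maxlen']['pollchoice']) {
            $aCleanChoices[] = $strChoice;
        } else {
            // The choice they specified is too long.
            $aError[] = "A choice you specified is longer than {$CFG['maxlen']['pollchoice']} characters.";
        }
    }
    $aChoices = $aCleanChoices;

    // Right number?
    if (count($aChoices) < 2) {
        // Not enough (or no) choices given.
        $aError[] = 'You must specify at least two choices.';
    } elseif (count($aChoices) > $CFG['maxlen']['pollchoices']) {
        // Too many choices given.
        $aError[] = "The maximum number of choices is {$CFG['maxlen']['pollchoices']}.";
    } else {
        // Stored as a serialized flat list of strings.
        // NOTE(review): the code that reads this column back is not shown; if it
        // uses unserialize(), confirm it only ever sees values written here.
        $strChoices = $dbConn->sanitize(serialize($aChoices));
    }

    // Timeout
    if ($iTimeout < 0 || $iTimeout > 65535) {
        // They don't know what timeout they want. We'll give them none.
        $iTimeout = 0;
    }

    // If there was an error, let's return it.
    if (count($aError)) {
        return $aError;
    }

    // Session user ID as an integer for the unquoted SQL interpolations below.
    $iUserID = (int) $_SESSION['userid'];

    // Get information on the thread.
    $dbConn->query("SELECT author, visible, closed, poll FROM thread WHERE id={$iThreadID}");
    if (!(list($iThreadAuthorID, $bThreadVisible, $bThreadClosed, $bHasPoll) = $dbConn->getresult())) {
        Msg("Invalid thread specified.{$CFG['msg']['invalidlink']}");
    }

    // Make sure we're the author and the thread is marked for a poll.
    if ($iThreadAuthorID != $_SESSION['userid'] || !$bHasPoll) {
        Unauthorized();
    }

    // Make sure the thread doesn't already have a poll.
    $dbConn->query("SELECT COUNT(*) FROM poll WHERE id={$iThreadID}");
    list($bReallyHasPoll) = $dbConn->getresult();
    if ($bReallyHasPoll) {
        Msg('The thread specified already has a poll.');
    }

    // What is the forum we're in?
    $dbConn->query("SELECT parent FROM thread WHERE id={$iThreadID}");
    list($iForumID) = $dbConn->getresult();
    $iForumID = (int) $iForumID;

    // Save the poll to the database.
    $dbConn->query("INSERT INTO poll(id, datetime, question, answers, multiplechoices, timeout) VALUES({$iThreadID}, {$CFG['globaltime']}, '{$strQuestion}', '{$strChoices}', {$bMultipleChoices}, {$iTimeout})");

    // Finish "submitting" the thread this poll belongs to.
    $dbConn->query("UPDATE thread SET poll=1, closed=0, visible=1 WHERE id={$iThreadID}");
    $dbConn->query("UPDATE board SET postcount=postcount+1, threadcount=threadcount+1, lpost={$CFG['globaltime']}, lposter={$iUserID}, lthread={$iThreadID}, lthreadpcount=1 WHERE id={$iForumID}");
    $dbConn->query("UPDATE citizen SET postcount=postcount+1 WHERE id={$iUserID}");

    // Update the forum stats.
    $dbConn->query("UPDATE stats SET content=content+1 WHERE name IN ('postcount', 'threadcount')");

    // Render page. $iThreadID is an integer at this point, so it is safe in the markup and the URL.
    Msg("<b>Thank you for posting.</b><br /><br /><span class=\"smaller\">You should be redirected momentarily. Click <a href=\"thread.php?threadid={$iThreadID}\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", "thread.php?threadid={$iThreadID}");
}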
/**
 * Shows the "e-mail this user" form and, when it is submitted, passes the
 * message to MailUserNow().
 *
 * The recipient is taken from $_REQUEST['userid']. The sender must be logged
 * in, and the recipient must either publish their e-mail address or, for
 * senders holding the cviewadmincp permission, allow mail from the board.
 * The page is rendered by the skin's mailuser template, which runs in this
 * function's scope and therefore sees its local variables.
 */
function MailUser()
{
    global $CFG, $dbConn;

    // Indexes into $aUserInfo and $aMessageInfo.
    define('USERID', 0);
    define('USERNAME', 1);
    define('EMAIL', 2);
    define('SUBJECT', 3);
    define('BODY', 4);

    // Guests may not send mail through the board.
    if (!$_SESSION['loggedin']) {
        Unauthorized();
    }

    // Recipient ID. The integer cast is what keeps the unquoted interpolation
    // into the query below safe.
    $aUserInfo[USERID] = (int) $_REQUEST['userid'];

    // Look the recipient up.
    $dbConn->query("SELECT username, email, publicemail, allowmail FROM citizen WHERE id={$aUserInfo[USERID]}");
    $aRow = $dbConn->getresult();
    if (!$aRow) {
        Msg("Invalid user specified.{$CFG['msg']['invalidlink']}");
    }
    list($aUserInfo[USERNAME], $aUserInfo[EMAIL], $bPublicEMail, $bAllowMail) = $aRow;

    // Mailing is allowed when the address is public, or when the sender has
    // the cviewadmincp permission and the recipient accepts mail. Everyone
    // else is refused.
    $bIsAdmin = $_SESSION['permissions']['cviewadmincp'];
    $bMayMail = $bPublicEMail || ($bIsAdmin && $bAllowMail);
    if (!$bMayMail) {
        Msg("Sorry! That user has specified that they do not wish to receive e-mails through this board. If you still wish to send an e-mail to this user, please contact the <a href=\"mailto:{$CFG['general']['admin']['email']}\">administrator</a> and they may be able to help.");
    }

    // Form submitted: collect the message and let MailUserNow() validate and send it.
    if (isset($_REQUEST['submit'])) {
        // NOTE(review): subject and body are passed on exactly as received.
        // MailUserNow() is not visible here; confirm it rejects CR/LF in the
        // subject before the value reaches any mail header.
        $aMessageInfo[SUBJECT] = $_REQUEST['subject'];
        $aMessageInfo[BODY] = $_REQUEST['body'];

        $aError = MailUserNow($aUserInfo, $aMessageInfo);
    }

    // NOTE(review): $CFG['skin'] becomes part of an include path; confirm it
    // can only hold the name of an installed skin directory.
    require "./skins/{$CFG['skin']}/mailuser.tpl.php";

    // Send the page.
    exit;
}
/**
 * Displays a single calendar event.
 *
 * The event is selected by $_REQUEST['eventid']. The viewer needs the
 * ccalendar permission, and a private event is shown only to its author.
 * The page is rendered by the skin's viewevent template, which runs in this
 * function's scope and therefore sees its local variables.
 */
function ViewEvent()
{
    global $CFG, $dbConn, $aSmilies;

    // The calendar is closed to users without the ccalendar permission.
    if (!$_SESSION['permissions']['ccalendar']) {
        Unauthorized();
    }

    // Requested event. The integer cast keeps the unquoted interpolation
    // into the query below safe.
    $iEventID = (int) $_REQUEST['eventid'];

    // Load the event.
    $dbConn->query("SELECT author, startdate, title, body, private, dsmilies FROM event WHERE id={$iEventID}");
    $aRow = $dbConn->getresult();
    if (!$aRow) {
        Msg("Invalid event specified.{$CFG['msg']['invalidlink']}");
    }
    list($iAuthor, $strDate, $strTitle, $strEventInfo, $bPrivate, $bDisableSmilies) = $aRow;

    $bPublic = !$bPrivate;

    // A private event is visible to its author only.
    if ($bPrivate && $iAuthor != $_SESSION['userid']) {
        Unauthorized();
    }

    // Turn the stored body into display markup.
    // NOTE(review): $strTitle goes to the template as stored; whether it is
    // HTML-escaped on input or in the template is not visible here - confirm.
    $strEventInfo = ParseMessage($strEventInfo, $bDisableSmilies);

    // NOTE(review): $CFG['skin'] becomes part of an include path; confirm it
    // can only hold the name of an installed skin directory.
    require "./skins/{$CFG['skin']}/viewevent.tpl.php";

    // Send the page.
    exit;
}
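/**
 * Shows the IP address stored with a post or a private message.
 *
 * The target is selected by $_REQUEST['postid'] or, failing that,
 * $_REQUEST['messageid']. Access is gated by the cviewips permission alone:
 * no per-post or per-message ownership check is applied, so that permission
 * grants access to the stored address of any post or PM.
 * The page is rendered by the skin's getip template, which runs in this
 * function's scope and therefore sees its local variables.
 */
function GetIP()
{
    global $CFG, $dbConn;

    // Only users with the cviewips permission may look up addresses.
    if (!$_SESSION['permissions']['cviewips']) {
        Unauthorized();
    }

    // What do they want to get an IP address of? Both IDs are cast to integers
    // before they are interpolated into the queries and the back links.
    if (isset($_REQUEST['postid'])) {
        // Post
        $iPostID = (int) $_REQUEST['postid'];
        $strWhat = 'post';

        // Get the IP address and thread ID of the post.
        $dbConn->query("SELECT ipaddress, parent FROM post WHERE id={$iPostID}");
        if (!(list($iIP, $iThreadID) = $dbConn->getresult())) {
            // Invalid post specified.
            Msg("Invalid post specified.{$CFG['msg']['invalidlink']}");
        }

        $strBackURL = "thread.php?threadid={$iThreadID}&postid={$iPostID}#post{$iPostID}";
    } elseif (isset($_REQUEST['messageid'])) {
        // Private message
        $iMessageID = (int) $_REQUEST['messageid'];
        $strWhat = 'PM';
        $strBackURL = "private.php?action=viewmessage&id={$iMessageID}";

        // Get the IP address of the PM.
        $dbConn->query("SELECT ipaddress FROM pm WHERE id={$iMessageID}");
        if (!(list($iIP) = $dbConn->getresult())) {
            // Invalid PM specified.
            Msg("Invalid PM specified.{$CFG['msg']['invalidlink']}");
        }
    } else {
        // Nothing was specified.
        Msg('You must specify a post or PM for which to get an IP address.');
    }

    // Was there an IP address stored with the post/PM?
    if ($iIP === NULL) {
        // Nope.
        Msg("No IP address was stored with the specified {$strWhat}. If you believe this is an error, please notify the <a href=\"mailto:{$CFG['general']['admin']['email']}\">Webmaster</a>.");
    }

    // Convert only after the NULL check, so long2ip() is never handed a
    // missing value.
    $strIP = long2ip($iIP);

    // Get the information of each forum.
    list($aCategory, $aForum) = GetForumInfo();

    // NOTE(review): $CFG['skin'] becomes part of an include path; confirm it
    // can only hold the name of an installed skin directory.
    require "./skins/{$CFG['skin']}/getip.tpl.php";

    // Send the page.
    exit;
}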