Beispiel #1
//***************************************************************************//
//                                                                           //
//  Copyright (c) 2004-2007 Jonathon Freeman                                 //
//  Copyright (c) 2007 Brian Otto                                            //
//  All rights reserved.                                                     //
//                                                                           //
//  This program is free software. You may use, modify, and/or redistribute  //
//  it under the terms of the MIT License.                                   //
//                                                                           //
//***************************************************************************//
// Admin CP entry point (excerpt; the switch continues past what is shown here).
// Initialize OvBB.
require './includes/init.inc.php';
// Is the user authorized to access the Admin CP?
// NOTE(review): this gate protects the code below only if Unauthorized() ends
// the request; it is defined elsewhere -- confirm that it exits.
if (!$_SESSION['permissions']['cviewadmincp']) {
    Unauthorized();
}
// What section do they want to view?
// The section name is request-controlled, but the cases visible here dispatch
// only on fixed string literals, so the value never selects code by itself.
// NOTE(review): no visible case ends in break. Unless each handler (Style(),
// Skins(), Forums(), Attachments()) terminates the request, control falls
// through into the next section's handler -- confirm.
// NOTE(review): $_REQUEST accepts GET as well as POST parameters, so any
// state-changing section needs its own CSRF check; none is visible in this
// excerpt.
switch ($_REQUEST['section']) {
    case 'style':
        $strSection = $_REQUEST['section'];
        Style();
    case 'skins':
        $strSection = $_REQUEST['section'];
        Skins();
    case 'forums':
        $strSection = $_REQUEST['section'];
        Forums();
    case 'attachments':
        $strSection = $_REQUEST['section'];
        Attachments();
Beispiel #2
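/**
 * Validate a submitted poll and, if it is valid, attach it to a thread.
 *
 * Reads 'question', 'choice', 'multiplechoices' and 'timeout' from $_REQUEST.
 * When validation fails nothing is written and the list of error messages is
 * returned. Otherwise the poll row is inserted, the thread is published, the
 * board/user/stats counters are bumped and Msg() renders the confirmation.
 *
 * NOTE(review): Msg() and Unauthorized() are defined elsewhere and are assumed
 * to end the request; the ownership and duplicate-poll checks rely on that.
 *
 * @param int $iThreadID ID of the thread the poll belongs to.
 * @return array|null List of error strings when validation fails.
 */
function ValidatePoll($iThreadID)
{
    global $CFG, $dbConn;

    // The thread ID is interpolated into SQL and into the redirect link below,
    // so force it to an integer here instead of trusting every caller.
    $iThreadID = (int) $iThreadID;

    $aError = array();

    // Get the values from the user. Request values are strings or arrays;
    // anything that is not a string is treated as missing.
    $strQuestion = isset($_REQUEST['question']) ? $_REQUEST['question'] : '';
    if (!is_string($strQuestion)) {
        $strQuestion = '';
    }
    $aChoices = isset($_REQUEST['choice']) ? (array) $_REQUEST['choice'] : array();
    $bMultipleChoices = (int) (bool) (isset($_REQUEST['multiplechoices']) ? $_REQUEST['multiplechoices'] : 0);
    $iTimeout = isset($_REQUEST['timeout']) ? (int) $_REQUEST['timeout'] : 0;

    // Question
    if (trim($strQuestion) == '') {
        // They either put in only whitespace or nothing at all.
        $aError[] = 'You must specify a question.';
    } elseif (strlen($strQuestion) > $CFG['maxlen']['pollquestion']) {
        // The question they specified is too long (strlen() counts bytes).
        $aError[] = "The question you specified is longer than {$CFG['maxlen']['pollquestion']} characters.";
    }
    $strQuestion = $dbConn->sanitize($strQuestion);

    // Choices: trim every entry, drop the blank ones and reindex the list so
    // that request-supplied array keys never reach the stored value.
    $aClean = array();
    foreach ($aChoices as $mixChoice) {
        if (!is_string($mixChoice)) {
            // Nested arrays (choice[0][]=...) are not valid choices.
            continue;
        }
        $strChoice = trim($mixChoice);
        if ($strChoice == '') {
            continue;
        }
        // A choice of exactly the maximum length is allowed, matching both the
        // error text and the question check above.
        if (strlen($strChoice) <= $CFG['maxlen']['pollchoice']) {
            $aClean[] = $strChoice;
        } else {
            // The choice they specified is too long.
            $aError[] = "A choice you specified is longer than {$CFG['maxlen']['pollchoice']} characters.";
        }
    }
    $aChoices = $aClean;

    // Right number?
    $strChoices = '';
    if (count($aChoices) < 2) {
        // Not enough (or no) choices given.
        $aError[] = 'You must specify at least two choices.';
    } elseif (count($aChoices) > $CFG['maxlen']['pollchoices']) {
        // Too many choices given.
        $aError[] = "The maximum number of choices is {$CFG['maxlen']['pollchoices']}.";
    } else {
        // NOTE(review): the column holds a serialize()d list of plain strings.
        // Whatever reads it back presumably calls unserialize(); that is only
        // safe while this function is the sole writer of the column -- confirm.
        $strChoices = $dbConn->sanitize(serialize($aChoices));
    }

    // Timeout
    if ($iTimeout < 0 || $iTimeout > 65535) {
        // They don't know what timeout they want. We'll give them none.
        $iTimeout = 0;
    }

    // If there was an error, let's return it.
    if (count($aError) > 0) {
        return $aError;
    }

    // Get information on the thread.
    $dbConn->query("SELECT author, visible, closed, poll FROM thread WHERE id={$iThreadID}");
    if (!(list($iThreadAuthorID, $bThreadVisible, $bThreadClosed, $bHasPoll) = $dbConn->getresult())) {
        Msg("Invalid thread specified.{$CFG['msg']['invalidlink']}");
    }

    // Make sure we're the author and the thread is marked for a poll. A session
    // without a user ID can never own a thread.
    if (!isset($_SESSION['userid']) || $iThreadAuthorID != $_SESSION['userid'] || !$bHasPoll) {
        Unauthorized();
    }
    // The user ID is interpolated into SQL below; keep it numeric.
    $iUserID = (int) $_SESSION['userid'];

    // Make sure the thread doesn't already have a poll.
    $dbConn->query("SELECT COUNT(*) FROM poll WHERE id={$iThreadID}");
    list($bReallyHasPoll) = $dbConn->getresult();
    if ($bReallyHasPoll) {
        Msg('The thread specified already has a poll.');
    }

    // What is the forum we're in?
    $dbConn->query("SELECT parent FROM thread WHERE id={$iThreadID}");
    list($iForumID) = $dbConn->getresult();
    $iForumID = (int) $iForumID;

    // Save the poll to the database. Question and choices went through
    // $dbConn->sanitize(); every other interpolated value is an integer.
    $dbConn->query("INSERT INTO poll(id, datetime, question, answers, multiplechoices, timeout) VALUES({$iThreadID}, {$CFG['globaltime']}, '{$strQuestion}', '{$strChoices}', {$bMultipleChoices}, {$iTimeout})");

    // Finish "submitting" the thread this poll belongs to.
    $dbConn->query("UPDATE thread SET poll=1, closed=0, visible=1 WHERE id={$iThreadID}");
    $dbConn->query("UPDATE board SET postcount=postcount+1, threadcount=threadcount+1, lpost={$CFG['globaltime']}, lposter={$iUserID}, lthread={$iThreadID}, lthreadpcount=1 WHERE id={$iForumID}");
    $dbConn->query("UPDATE citizen SET postcount=postcount+1 WHERE id={$iUserID}");

    // Update the forum stats.
    $dbConn->query("UPDATE stats SET content=content+1 WHERE name IN ('postcount', 'threadcount')");

    // Render page. $iThreadID is an integer, so it is safe inside the link.
    Msg("<b>Thank you for posting.</b><br /><br /><span class=\"smaller\">You should be redirected momentarily. Click <a href=\"thread.php?threadid={$iThreadID}\">here</a> if you do not want to wait any longer or if you are not redirected.</span>", "thread.php?threadid={$iThreadID}");
}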
Beispiel #3
/**
 * Show the "e-mail this user" form and, on submit, hand the message to
 * MailUserNow().
 *
 * Reads 'userid', 'submit', 'subject' and 'body' from $_REQUEST. Ends by
 * including the skin template and calling exit; the template is included in
 * this function's scope, so it can read the local variables set here.
 *
 * NOTE(review): Unauthorized() and Msg() are defined elsewhere and are assumed
 * to end the request; the permission checks below depend on that -- confirm.
 */
function MailUser()
{
    global $CFG, $dbConn;
    // Constants
    // Indexes into $aUserInfo / $aMessageInfo. define() creates global
    // constants, so this function can only run once per request without a
    // redefinition notice.
    define('USERID', 0);
    define('USERNAME', 1);
    define('EMAIL', 2);
    define('SUBJECT', 3);
    define('BODY', 4);
    // Are they logged in?
    if (!$_SESSION['loggedin']) {
        // No, so give them the bad news.
        Unauthorized();
    }
    // What user do they want to send an email to?
    // The integer cast is what keeps the value safe to interpolate into the
    // query below.
    $aUserInfo[USERID] = (int) $_REQUEST['userid'];
    // Get the user's information.
    $dbConn->query("SELECT username, email, publicemail, allowmail FROM citizen WHERE id={$aUserInfo[USERID]}");
    if (!(list($aUserInfo[USERNAME], $aUserInfo[EMAIL], $bPublicEMail, $bAllowMail) = $dbConn->getresult())) {
        Msg("Invalid user specified.{$CFG['msg']['invalidlink']}");
    }
    // Do they have permission to e-mail this user?
    // && binds tighter than ||, so the condition reduces to: the recipient's
    // address is not public AND (the sender lacks cviewadmincp OR the recipient
    // has allowmail off). allowmail is therefore only consulted for senders
    // with Admin CP access.
    // NOTE(review): confirm that ignoring allowmail for ordinary senders is
    // intended.
    if (!$_SESSION['permissions']['cviewadmincp'] && !$bPublicEMail || $_SESSION['permissions']['cviewadmincp'] && !$bAllowMail && !$bPublicEMail) {
        // Nope, let them know the bad news.
        Msg("Sorry! That user has specified that they do not wish to receive e-mails through this board. If you still wish to send an e-mail to this user, please contact the <a href=\"mailto:{$CFG['general']['admin']['email']}\">administrator</a> and they may be able to help.");
    }
    // Are they submitting?
    if (isset($_REQUEST['submit'])) {
        // Get the information from the user.
        // Both values are passed on unmodified.
        // NOTE(review): MailUserNow() is not shown; confirm it rejects CR/LF in
        // the subject before the value is used in mail headers, and that some
        // rate limit exists for outgoing mail.
        $aMessageInfo[SUBJECT] = $_REQUEST['subject'];
        $aMessageInfo[BODY] = $_REQUEST['body'];
        // Validate it.
        $aError = MailUserNow($aUserInfo, $aMessageInfo);
    }
    // Template
    // $aError is only set after a submit, so the template must cope with it
    // being undefined.
    // NOTE(review): $CFG['skin'] becomes part of the include path. If that
    // value can come from a user preference it must be limited to known skin
    // directory names -- verify where it is assigned.
    require "./skins/{$CFG['skin']}/mailuser.tpl.php";
    // Send the page.
    exit;
}
Beispiel #4
/**
 * Display a single calendar event.
 *
 * Reads 'eventid' from $_REQUEST, loads the event, enforces the calendar
 * permission and the private-event rule, then includes the skin template and
 * calls exit. The template is included in this function's scope, so it can
 * read the local variables set here.
 *
 * NOTE(review): Unauthorized() and Msg() are defined elsewhere and are assumed
 * to end the request; both access checks below depend on that -- confirm.
 */
function ViewEvent()
{
    global $CFG, $dbConn, $aSmilies;
    // Does the user have authorization to use the calendar?
    if (!$_SESSION['permissions']['ccalendar']) {
        // No. Let them know the bad news.
        Unauthorized();
    }
    // What event do they want to view?
    // The integer cast is what keeps the value safe to interpolate into the
    // query below.
    $iEventID = (int) $_REQUEST['eventid'];
    // Get the information for this event.
    $dbConn->query("SELECT author, startdate, title, body, private, dsmilies FROM event WHERE id={$iEventID}");
    if (!(list($iAuthor, $strDate, $strTitle, $strEventInfo, $bPrivate, $bDisableSmilies) = $dbConn->getresult())) {
        Msg("Invalid event specified.{$CFG['msg']['invalidlink']}");
    }
    $bPublic = !$bPrivate;
    // Are they allowed to view this event?
    // A private event is shown only to its author (loose comparison of the
    // stored author ID with the session user ID).
    if (!$bPublic && $iAuthor != $_SESSION['userid']) {
        // Nope. Give them the Unauthorized page.
        Unauthorized();
    }
    // Parse the message.
    // NOTE(review): ParseMessage() is not shown; presumably it also makes the
    // body safe for HTML output -- confirm. $strTitle reaches the template as
    // stored, so it must be escaped either on write or in the template.
    $strEventInfo = ParseMessage($strEventInfo, $bDisableSmilies);
    // Template
    // NOTE(review): $CFG['skin'] becomes part of the include path. If that
    // value can come from a user preference it must be limited to known skin
    // directory names -- verify where it is assigned.
    require "./skins/{$CFG['skin']}/viewevent.tpl.php";
    // Send the page.
    exit;
}
Beispiel #5
Datei: mod.php Projekt: OvBB/v1.0
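/**
 * Show the IP address recorded for a post or a private message.
 *
 * Reads 'postid' or 'messageid' from $_REQUEST ('postid' wins when both are
 * present), looks up the stored address, then includes the skin template and
 * calls exit. The template is included in this function's scope, so it can
 * read $strIP, $strWhat, $strBackURL, $aCategory and $aForum.
 *
 * Access is gated only by the cviewips permission; for private messages no
 * check ties the viewer to the conversation.
 * NOTE(review): confirm that is the intended moderator capability.
 *
 * NOTE(review): Unauthorized() and Msg() are defined elsewhere and are assumed
 * to end the request; the permission check depends on that -- confirm.
 */
function GetIP()
{
    global $CFG, $dbConn;

    // Are they authorized to view IP addresses?
    if (!$_SESSION['permissions']['cviewips']) {
        // No, so give them the bad news.
        Unauthorized();
    }

    // What do they want to get an IP address of? The integer casts are what
    // keep the IDs safe to interpolate into the queries and the back links.
    if (isset($_REQUEST['postid'])) {
        // Post
        $iPostID = (int) $_REQUEST['postid'];
        $strWhat = 'post';

        // Get the IP address and thread ID of the post.
        $dbConn->query("SELECT ipaddress, parent FROM post WHERE id={$iPostID}");
        if (!(list($iIP, $iThreadID) = $dbConn->getresult())) {
            // Invalid post specified.
            Msg("Invalid post specified.{$CFG['msg']['invalidlink']}");
        }
        $strBackURL = "thread.php?threadid={$iThreadID}&postid={$iPostID}#post{$iPostID}";
    } elseif (isset($_REQUEST['messageid'])) {
        // Private message
        $iMessageID = (int) $_REQUEST['messageid'];
        $strWhat = 'PM';
        $strBackURL = "private.php?action=viewmessage&id={$iMessageID}";

        // Get the IP address of the PM.
        $dbConn->query("SELECT ipaddress FROM pm WHERE id={$iMessageID}");
        if (!(list($iIP) = $dbConn->getresult())) {
            // Invalid PM specified.
            Msg("Invalid PM specified.{$CFG['msg']['invalidlink']}");
        }
    } else {
        // Nothing was specified.
        Msg('You must specify a post or PM for which to get an IP address.');
    }

    // Was there an IP address stored with the post/PM?
    if ($iIP === NULL) {
        // Nope.
        Msg("No IP address was stored with the specified {$strWhat}. If you believe this is an error, please notify the <a href=\"mailto:{$CFG['general']['admin']['email']}\">Webmaster</a>.");
    }

    // Convert only after the NULL check, so long2ip() is never handed a
    // missing value.
    $strIP = long2ip($iIP);

    // Get the information of each forum.
    list($aCategory, $aForum) = GetForumInfo();

    // Template
    // NOTE(review): $CFG['skin'] becomes part of the include path. If that
    // value can come from a user preference it must be limited to known skin
    // directory names -- verify where it is assigned.
    require "./skins/{$CFG['skin']}/getip.tpl.php";

    // Send the page.
    exit;
}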