Beispiel #1
/**
 * Delete a theme and move every user who had it selected onto another theme.
 *
 * Admin-only. Removes the theme row and its theme_settings rows, then
 * rewrites users.theme from the deleted theme's name to $reset.
 *
 * NOTE(review): $themeid, $reset and the theme_name read back from the
 * database are placed into the SQL text as-is; nothing in this function
 * escapes them. Presumably the caller or the 'sql_query' wrapper does -
 * confirm, or move to bound parameters if the wrapper supports them.
 * NOTE(review): the result of the theme lookup is not checked before
 * theme_name is read from it.
 *
 * @param mixed $themeid theme_id of the theme to delete
 * @param mixed $reset   theme value assigned to the affected users
 * @return bool|null true when the final UPDATE succeeds, false on a
 *                   permission/validation failure, null otherwise
 */
function deletetheme($themeid, $reset)
{
    global $user, $FUNCTIONS_LANG, $error, $error_die;

    // Second line of defence: the admin panel should already gate this call.
    if (!$user['admin_panel']) {
        $error_die[] = $FUNCTIONS_LANG["e_permissions"];
        return false;
    }

    // Both values normally arrive via the URL; reject a request missing either.
    if (empty($themeid)) {
        $error[] = $FUNCTIONS_LANG["e_th_specify_delete"];
        return false;
    }
    if (empty($reset)) {
        $error[] = $FUNCTIONS_LANG["e_th_specify_everyone"];
        return false;
    }

    if (errors()) {
        return null;
    }

    // Read the theme first: its name is needed after the row is gone.
    $lookup = call('sql_query', "SELECT * FROM themes WHERE theme_id = '{$themeid}'");
    $theme = call('sql_fetch_array', $lookup);

    call('sql_query', "DELETE FROM themes WHERE theme_id = '{$themeid}'");
    call('sql_query', "DELETE FROM theme_settings WHERE theme_id = '{$themeid}'");
    $usersReset = call('sql_query', "UPDATE users SET theme = '{$reset}' WHERE theme = '" . $theme['theme_name'] . "'");

    return $usersReset ? true : null;
}
Beispiel #2
/**
 * Update an existing article (admin-only).
 *
 * NOTE(review): every argument is interpolated into the UPDATE statement
 * without escaping in this function. Presumably the caller or the
 * 'sql_query' wrapper escapes them - confirm before relying on it.
 *
 * @param mixed $subject      article subject, required
 * @param mixed $summary      article summary, required
 * @param mixed $full_article article body
 * @param mixed $cat          category value stored in articles.cat
 * @param mixed $rating       any non-null value enables ratings
 * @param mixed $comment      any non-null value enables comments
 * @param mixed $id           id of the article to update
 * @return bool|null true on success, false on permission/validation
 *                   failure, null otherwise
 */
function editarticle($subject, $summary, $full_article, $cat, $rating, $comment, $id)
{
    global $user, $error, $error_die;

    // Second line of defence: the admin panel should already gate this call.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($subject)) {
        $error[] = 'You must specify a subject';
        return false;
    }
    if (empty($summary)) {
        $error[] = 'You must specify a summary for your article';
        return false;
    }

    // Checkbox-style flags: present (non-null) means on.
    $comment = isset($comment) ? 1 : 0;
    $rating = isset($rating) ? 1 : 0;

    if (errors()) {
        return null;
    }

    $updated = call('sql_query', "UPDATE articles SET subject = '{$subject}', summary = '{$summary}', full_article = '{$full_article}', cat = '{$cat}', ratings = '{$rating}', comments = '{$comment}' WHERE id = '{$id}'");

    return $updated ? true : null;
}
/**
 * Render the maintenance page and terminate the request.
 *
 * Builds the page from the theme helpers and ends with die(), so this
 * function never returns.
 *
 * NOTE(review): $title and $body are passed through stripslashes() only;
 * no HTML escaping happens in this function. Whether theme('head') escapes
 * the title is not visible here - confirm that callers never pass
 * request-derived text.
 *
 * @param string $title page title
 * @param string $body  page body markup
 * @param string $head  extra markup handed to theme('head')
 */
function output_maintenance($title = '', $body = '', $head = '')
{
    global $error, $error_die;
    // A fatal error page, when the theme has one, replaces the requested body.
    if (theme('output_error') != false) {
        $body = theme('output_error');
        $title = 'Error';
        // unset() on a variable imported with `global` only drops the local alias.
        unset($error_die);
    }
    if (errors()) {
        // NOTE(review): $error is overwritten with a string here, so the
        // foreach below no longer sees the original error entries; the
        // markup built in this branch is then discarded by unset() and is
        // never added to $output. Looks unintended - confirm.
        $error = theme('title', 'Error') . theme('start_content') . '<div class="errors"><ul>';
        foreach ($error as $errors) {
            $error .= '<li>' . $errors . '</li>';
        }
        $error .= '</ul></div>' . theme('end_content');
        unset($error);
    } else {
        $error = '';
    }
    $output = theme('head', stripslashes($title), $head) . '
<body class="thrColLiqHdr">
<div id="maintenance-container">' . theme('start_content') . stripslashes($body) . theme('end_content') . '</div>
  </body>
</html>';
    // Emit the page and stop; nothing after this call runs.
    die($output);
}
Beispiel #4
/**
 * Register a new emoticon (admin-only).
 *
 * NOTE(review): only $code has quote characters stripped; $image and $text
 * go into the INSERT unchanged, and stripping quotes is not a substitute
 * for escaping (a backslash still passes). Presumably escaping happens in
 * the caller or the 'sql_query' wrapper - confirm.
 *
 * @param mixed $code  text sequence that triggers the emoticon, required
 * @param mixed $image image reference, required
 * @param mixed $text  alt text, required
 * @return bool|null true on success, false on permission/validation
 *                   failure, null otherwise
 */
function addemoticon($code, $image, $text)
{
    global $user, $error, $error_die;

    // Second line of defence: the admin panel should already gate this call.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($code)) {
        $error[] = 'You must specify the code';
        return false;
    }
    if (empty($image)) {
        $error[] = 'You must specify an image';
        return false;
    }
    if (empty($text)) {
        $error[] = 'You must specify text';
        return false;
    }

    // Drop single and double quotes from the trigger code.
    $code = str_replace(array("\"", "'"), '', $code);

    if (errors()) {
        return null;
    }

    $inserted = call('sql_query', "INSERT INTO emoticons (code, image, alt) VALUES ('{$code}', '{$image}', '{$text}')");

    return $inserted ? true : null;
}
Beispiel #5
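/**
 * Add a comment to an item of the given type.
 *
 * $type is used as a table name in the existence check, so it is restricted
 * here to identifier characters: value escaping cannot protect an
 * identifier position, and the raw value is also echoed back in error
 * messages.
 *
 * NOTE(review): $id and $message are still interpolated into SQL without
 * escaping in this function; presumably the caller or the 'sql_query'
 * wrapper escapes them - confirm. A fixed allow-list of commentable tables
 * would be tighter than the character check if the set is known.
 *
 * @param mixed  $id      id of the item being commented on
 * @param string $type    table name of the commented item
 * @param mixed  $message comment text, required
 * @param mixed  $token   request token handed to 'checktoken'
 * @return bool|null true on success, false on permission/validation
 *                   failure, null otherwise
 */
function addcomment($id, $type, $message, $token)
{
    global $user, $error, $error_die;
    call('checktoken', $token);
    if (!$user['post_comment']) {
        $error[] = 'You do not have permission to post a comment';
        return false;
    }
    // Reject anything that is not a plain identifier before it reaches the
    // FROM clause or an error message.
    if (!is_string($type) || !preg_match('/^[A-Za-z0-9_]+\z/', $type)) {
        $error_die[] = 'Invalid comment type';
        return false;
    }
    $existcheck = call('sql_query', "SELECT id, comments FROM {$type} WHERE id = '{$id}'");
    $fetch = call('sql_fetch_array', $existcheck);
    if (call('sql_num_rows', $existcheck) == 0) {
        $error_die[] = 'This ' . $type . ' no longer exists so adding a comment was not possible';
        return false;
    }
    // The item's own comments column must be '1' for comments to be accepted.
    if ($fetch['comments'] != '1') {
        $error_die[] = 'Posting of comments on this ' . $type . ' is disabled';
        return false;
    }
    if (empty($message)) {
        $error[] = 'Please enter a message';
        return false;
    }
    if (!errors()) {
        $sql = call('sql_query', "INSERT INTO comments (comment_type, type_id, message, author, author_id, ip, post_time) VALUES ('{$type}', '{$id}', '{$message}', '" . $user['user'] . "', '" . $user['id'] . "', '" . call('visitor_ip') . "', '" . time() . "' ) ");
        if ($sql) {
            return true;
        }
    }
}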
Beispiel #6
/**
 * Update an existing page (admin-only).
 *
 * NOTE(review): $name, $content and $id are interpolated into SQL without
 * escaping in this function; presumably the caller or the 'sql_query'
 * wrapper escapes them - confirm.
 *
 * @param mixed $name    page name, required
 * @param mixed $content page content, required
 * @param mixed $id      id of the page to update
 * @param mixed $comment any non-null value enables comments
 * @param mixed $rating  any non-null value enables ratings
 * @return bool|null true on success, false on permission/validation
 *                   failure, null otherwise
 */
function editpage($name, $content, $id, $comment, $rating)
{
    global $user, $error, $error_die;

    // Second line of defence: the admin panel should already gate this call.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    // The page must still exist before anything else is validated.
    $existing = call('sql_query', "SELECT * FROM pages WHERE id = '{$id}'");
    if (call('sql_num_rows', $existing) == 0) {
        $error[] = 'This page no longer exists';
        return false;
    }

    if (empty($content)) {
        $error[] = 'You must specify content for the page';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name for the page';
        return false;
    }

    if (errors()) {
        return null;
    }

    // Checkbox-style flags: present (non-null) means on.
    $comment = isset($comment) ? 1 : 0;
    $rating = isset($rating) ? 1 : 0;

    $updated = call('sql_query', "UPDATE pages SET pagename = '{$name}', content = '{$content}', comments = '{$comment}', ratings = '{$rating}' WHERE id = '{$id}'");

    return $updated ? true : null;
}
Beispiel #7
/**
 * Delete a user account (admin-only); an admin cannot delete their own.
 *
 * NOTE(review): $id is interpolated into SQL without escaping in this
 * function; presumably the caller or the 'sql_query' wrapper escapes it -
 * confirm.
 * NOTE(review): the own-account guard compares the raw $id in PHP, while
 * the database compares the quoted value against the id column. If that
 * column is numeric, a value the database coerces to the admin's id but
 * PHP does not consider equal would pass the guard - validating $id as an
 * integer first would close that gap. Confirm the column type.
 *
 * @param mixed $id id of the user to delete
 * @return bool|null true on success, false on permission/validation
 *                   failure, null otherwise
 */
function deleteuser($id)
{
    global $user, $error, $error_die;

    // Second line of defence: the admin panel should already gate this call.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    // Deleting the account currently driving the admin panel is refused.
    if ($user['id'] == $id) {
        $error_die[] = 'You can not delete your own account';
        return false;
    }

    $existing = call('sql_query', "SELECT * FROM users WHERE id = '{$id}'");
    if (call('sql_num_rows', $existing) == 0) {
        $error[] = 'This user no longer exists';
        return false;
    }

    if (errors()) {
        return null;
    }

    $deleted = call('sql_query', "DELETE FROM users WHERE id = '{$id}'");

    return $deleted ? true : null;
}
Beispiel #8
/**
 * Update an existing emoticon (admin-only).
 *
 * NOTE(review): all four arguments are interpolated into the UPDATE without
 * escaping in this function; presumably the caller or the 'sql_query'
 * wrapper escapes them - confirm.
 *
 * @param mixed $code  text sequence that triggers the emoticon, required
 * @param mixed $image image reference, required
 * @param mixed $text  alt text, required
 * @param mixed $id    id of the emoticon to update
 * @return bool|null true on success, false on permission/validation
 *                   failure, null otherwise
 */
function editemoticon($code, $image, $text, $id)
{
    global $user, $error, $error_die;

    // Second line of defence: the admin panel should already gate this call.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (empty($code)) {
        $error[] = 'You must specify the code';
        return false;
    }
    if (empty($image)) {
        $error[] = 'You must specify an image';
        return false;
    }
    if (empty($text)) {
        $error[] = 'You must specify text';
        return false;
    }

    if (errors()) {
        return null;
    }

    $updated = call('sql_query', "UPDATE emoticons SET code='{$code}', image='{$image}', alt='{$text}' WHERE id='{$id}'");

    return $updated ? true : null;
}
Beispiel #9
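/**
 * Front controller: resolve the controller and method named by the routed
 * request and invoke the method on the controller object.
 *
 * $_GET[0] names the controller file and $_GET[1] the method. Both come
 * from the request, so they are validated before use:
 *  - the controller name must be a string with no ".." sequence or NUL byte,
 *    so it cannot point outside CONTROLLERS_PATH;
 *  - the method must be publicly callable on the controller and must not be
 *    a magic method (leading "__").
 *
 * The original call `$c->{$_GET}[1]()` used the whole $_GET array as a
 * property name; the intended call is the method named by $_GET[1].
 *
 * NOTE(review): the controller class is hard-coded to `index` regardless of
 * $_GET[0], and the controller file is only checked for existence here,
 * not loaded - presumably loading happens elsewhere; confirm.
 */
function action()
{
    router();
    if (empty($_GET[0]) || $_GET[0] == 'index.php') {
        $_GET[0] = SCRIPT_NAME;
    }
    if (empty($_GET[1])) {
        $_GET[1] = 'main';
    }

    $controller = $_GET[0];
    $method = $_GET[1];

    // Array-valued parameters and traversal sequences never name a controller.
    if (!is_string($controller) || !is_string($method)
        || strpos($controller, '..') !== false
        || strpos($controller, "\0") !== false
    ) {
        errors();
        exit;
    }

    $file = CONTROLLERS_PATH . $controller . '.php';
    if (!file_exists($file)) {
        errors();
        exit;
    }

    $c = new index();

    // Only public, non-magic methods may be reached from the request.
    if (strpos($method, '__') === 0 || !is_callable(array($c, $method))) {
        errors();
        exit;
    }

    $c->{$method}();
}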
Beispiel #10
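/**
 * Add an IP or IP-range ban (admin-only).
 *
 * The IPv4 check is anchored at both ends. The original pattern used "^" as
 * the regex delimiter, which left it with no start anchor, so any string
 * that merely ended in a dotted quad passed validation and reached the
 * INSERT. "\z" is used instead of "$" so a trailing newline is rejected too.
 *
 * NOTE(review): for $type 'range' the value is not format-checked at all,
 * and $reason is never validated; both are interpolated into SQL without
 * escaping in this function. Presumably the caller or the 'sql_query'
 * wrapper escapes them - confirm.
 *
 * @param mixed  $ip     address or range prefix to ban, required
 * @param mixed  $reason reason stored with the ban
 * @param string $type   'ip' or 'range'; any other value inserts nothing
 * @return bool|null true on success, false on permission/validation
 *                   failure, null otherwise
 */
function addban($ip, $reason, $type)
{
    global $user, $error, $error_die;
    if (!$user['admin_panel']) {
        // Second line of defence: the admin panel should already gate this call.
        $error_die[] = 'You do not have permission to do this';
        return false;
    }
    if (empty($ip)) {
        $error[] = 'You must specify an ip address to ban';
        return false;
    }

    // Same octet grammar as before, now matched against the whole string.
    $octet = '([1]?\d{1,2}|2[0-4]\d|25[0-5])';
    $ipv4Pattern = '/^' . $octet . '(\.' . $octet . '){3}\z/';
    if ($type == 'ip' && (!is_string($ip) || !preg_match($ipv4Pattern, $ip))) {
        $error[] = 'Invalid IP';
        return false;
    }

    // Strip the last two dot-separated parts of the visitor address to get
    // the range prefix the admin must not ban either.
    $visitor_ip = call('visitor_ip');
    $visitor_range = substr($visitor_ip, 0, strlen($visitor_ip) - strlen(strrchr($visitor_ip, ".")));
    $visitor_range = substr($visitor_range, 0, strlen($visitor_range) - strlen(strrchr($visitor_range, ".")));
    if ($visitor_ip == $ip || $visitor_range == $ip) {
        $error[] = 'You can not ban your own IP';
        return false;
    }

    if (!errors()) {
        // Stays false for an unrecognised $type so nothing is reported as saved.
        $query = false;
        if ($type == 'ip') {
            $query = call('sql_query', "INSERT INTO bans (ip, reason, time_created, created_by) VALUES ('{$ip}', '{$reason}', '" . time() . "', '" . $user['id'] . "')");
        } elseif ($type == 'range') {
            $query = call('sql_query', "INSERT INTO bans (ip_range, reason, time_created, created_by) VALUES ('{$ip}', '{$reason}', '" . time() . "', '" . $user['id'] . "')");
        }
        if ($query) {
            return true;
        }
    }
}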
Beispiel #11
/**
 * Write the site-wide settings (admin-only), one UPDATE per setting.
 *
 * Every statement is issued even if an earlier one fails; true is returned
 * only when all of them succeed.
 *
 * NOTE(review): each value is interpolated into SQL without escaping in
 * this function; presumably the caller or the 'sql_query' wrapper escapes
 * them - confirm.
 * NOTE(review): $password is written to the settings table exactly as
 * passed in, i.e. the SMTP credential is stored in readable form.
 *
 * @return bool|null true when every UPDATE succeeds, false on a permission
 *                   failure, null otherwise
 */
function sitesettings($registration, $reg_approval, $email, $mail, $host, $username, $password, $mode, $message, $captcha, $topics, $posts, $name, $tos)
{
    global $user, $error_die;

    // Second line of defence: the admin panel should already gate this call.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (errors()) {
        return null;
    }

    // settings.variable => new value, in the order the rows are written.
    $newValues = array(
        'registration' => $registration,
        'register_approval' => $reg_approval,
        'email' => $email,
        'mail' => $mail,
        'smtp_host' => $host,
        'smtp_username' => $username,
        'smtp_password' => $password,
        'maintenance_mode' => $mode,
        'maintenance_message' => $message,
        'register_captcha' => $captcha,
        'topics_page' => $topics,
        'posts_topic' => $posts,
        'site_name' => $name,
        'tos' => $tos,
    );

    $allSaved = true;
    foreach ($newValues as $variable => $value) {
        $saved = call('sql_query', "UPDATE settings SET value = '{$value}' WHERE variable = '{$variable}'");
        if (!$saved) {
            // Keep going: the remaining settings are still attempted.
            $allSaved = false;
        }
    }

    return $allSaved ? true : null;
}
Beispiel #12
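/**
 * Remove the sticky flag from a topic.
 *
 * Allowed for the topic's author when they hold 'sticky_own_topic', or for
 * anyone holding 'sticky_any_topic'.
 *
 * The permission-denied branch was previously attached to the errors()
 * check instead of the permission check, so an unauthorised caller got no
 * error at all while a caller with pending errors was told they lacked
 * permission. The denial is now reported where the permission is decided,
 * before any write.
 *
 * NOTE(review): $topicid is interpolated into SQL without escaping in this
 * function; presumably the caller or the 'sql_query' wrapper escapes it -
 * confirm.
 *
 * @param mixed $topicid topic_id of the topic to un-sticky, required
 * @return bool|null true on success, false on permission/validation
 *                   failure or pending errors, null if the UPDATE fails
 */
function unstickytopic($topicid)
{
    global $user, $error, $error_die;
    if (empty($topicid)) {
        $error_die[] = 'The id of the topic to be made a sticky was not entered';
        return false;
    }
    $checktopic = call('sql_query', "SELECT thread_author FROM forum_topics WHERE topic_id = '{$topicid}'");
    $fetch = call('sql_fetch_array', $checktopic);
    if (call('sql_num_rows', $checktopic) == 0) {
        $error_die[] = 'This topic does not exist';
        return false;
    }

    // Explicit grouping: (author AND own-topic right) OR any-topic right.
    $ownsTopic = $fetch['thread_author'] == $user['user'];
    $allowed = ($ownsTopic && $user['sticky_own_topic']) || $user['sticky_any_topic'];
    if (!$allowed) {
        $error_die[] = 'You do not have permission to perform this action';
        return false;
    }

    if (errors()) {
        return false;
    }

    $query = call('sql_query', "UPDATE forum_topics SET sticky = '0' WHERE topic_id = '{$topicid}'");
    if ($query) {
        return true;
    }
}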
Beispiel #13
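/**
 * Update an article category (admin-only).
 *
 * $visible is flattened to a comma-separated list with implode(). The
 * original appended each value to the array variable itself (relying on the
 * "Array" string conversion) and then stripped the text "Array" and the
 * trailing comma, which also removed "Array" from legitimate values and
 * chopped the last character off a scalar argument.
 *
 * NOTE(review): $name, $description, the flattened $visible and $id are
 * interpolated into SQL without escaping in this function; presumably the
 * caller or the 'sql_query' wrapper escapes them - confirm.
 *
 * @param mixed $name        category name, required
 * @param mixed $description category description, required
 * @param mixed $visible     list of groups that may see the category
 * @param mixed $id          id of the category to update
 * @return bool|null true on success, false on permission/validation
 *                   failure, null otherwise
 */
function editarticlecat($name, $description, $visible, $id)
{
    global $user, $error, $error_die;
    if (!$user['admin_panel']) {
        // Second line of defence: the admin panel should already gate this call.
        $error_die[] = 'You do not have permission to do this';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name';
        return false;
    }
    if (empty($description)) {
        $error[] = 'You must specify a description';
        return false;
    }
    if (empty($visible)) {
        // No early return here, as before: the errors() check below decides
        // whether the UPDATE runs.
        $error[] = 'You must state who this category is visible to';
    } else {
        $visible = implode(',', (array) $visible);
    }
    if (!errors()) {
        $query = call('sql_query', "UPDATE article_categories SET name = '{$name}', description = '{$description}', visible = '{$visible}' WHERE id = '{$id}'");
        if ($query) {
            return true;
        }
    }
}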
Beispiel #14
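/**
 * Update a theme's settings and visibility (admin-only).
 *
 * $error and $error_die are now imported with `global`, as deletetheme()
 * does. Without that, the permission and validation messages were written
 * to function-local arrays and never reached the shared error lists.
 *
 * $visible is flattened to a comma-separated list with implode() instead of
 * the append-then-strip-"Array" construction, which altered values
 * containing "Array" and truncated scalar input.
 *
 * NOTE(review): every argument is interpolated into SQL without escaping in
 * this function; presumably the caller or the 'sql_query' wrapper escapes
 * them - confirm.
 *
 * @param mixed $footer  value for the 'footer' setting
 * @param mixed $logo    value for the 'logo' setting
 * @param mixed $left    value for 'exclude_left'
 * @param mixed $right   value for 'exclude_right'
 * @param mixed $upper   value for 'exclude_upper'
 * @param mixed $lower   value for 'exclude_lower'
 * @param mixed $visible list of groups that may use the theme, required
 * @param mixed $id      theme_id of the theme to update
 * @return bool|null true when every UPDATE succeeds, false on a
 *                   permission/validation failure, null otherwise
 */
function updatethemes($footer, $logo, $left, $right, $upper, $lower, $visible, $id)
{
    global $user, $FUNCTIONS_LANG, $error, $error_die;
    if (!$user['admin_panel']) {
        // Second line of defence: the admin panel should already gate this call.
        $error_die[] = $FUNCTIONS_LANG["e_permissions"];
        return false;
    }
    if (empty($visible)) {
        $error[] = $FUNCTIONS_LANG["e_th_use_theme"];
        return false;
    }
    $visible = implode(',', (array) $visible);

    if (!errors()) {
        // All seven statements run; success requires every one to succeed.
        $site_footer = call('sql_query', "UPDATE theme_settings SET value = '{$footer}' WHERE variable = 'footer' AND theme_id = '{$id}'");
        $site_logo = call('sql_query', "UPDATE theme_settings SET value = '{$logo}' WHERE variable = 'logo'AND theme_id = '{$id}'");
        $exclude_left = call('sql_query', "UPDATE theme_settings SET value = '{$left}' WHERE variable = 'exclude_left'AND theme_id = '{$id}'");
        $exclude_right = call('sql_query', "UPDATE theme_settings SET value = '{$right}' WHERE variable = 'exclude_right'AND theme_id = '{$id}'");
        $exclude_upper = call('sql_query', "UPDATE theme_settings SET value = '{$upper}' WHERE variable = 'exclude_upper'AND theme_id = '{$id}'");
        $exclude_lower = call('sql_query', "UPDATE theme_settings SET value = '{$lower}' WHERE variable = 'exclude_lower'AND theme_id = '{$id}'");
        $theme_perms = call('sql_query', "UPDATE themes SET theme_visibility = '{$visible}' WHERE theme_id = '{$id}'");
        if ($site_footer && $site_logo && $exclude_left && $exclude_right && $exclude_upper && $exclude_lower && $theme_perms) {
            return true;
        }
    }
}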
Beispiel #15
/**
 * Uninstall a plugin (admin-only): remove its row from `plugins` and run
 * the uninstall statements declared in the plugin's plugin-info.php.
 *
 * NOTE(review): the include path is built from the `folder` column read
 * from the database, with no check in this function that it stays inside
 * ./Plugins/. Anyone able to write that column controls which PHP file is
 * executed here - confirm how `folder` is populated and validated.
 * NOTE(review): each entry of $plugin['uninstall'] is passed to 'sql_query'
 * verbatim, so the plugin file decides which statements run.
 * NOTE(review): $id is interpolated into SQL without escaping in this
 * function; presumably the caller or the 'sql_query' wrapper escapes it -
 * confirm.
 *
 * @param mixed $id id of the plugin to uninstall, required
 * @return bool|null true when the DELETE succeeds, false on
 *                   permission/validation failure, null otherwise
 */
function uninstallplugin($id)
{
    global $user, $error, $error_die;
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        // Second line of defence: the admin panel should already gate this call.
        return false;
    }
    if (empty($id)) {
        $error[] = 'No Plugin was selected';
        return false;
    }
    $sql = call('sql_query', "SELECT folder FROM plugins WHERE id = '{$id}'");
    if (call('sql_num_rows', $sql) == 0) {
        $error[] = 'This Plugin does not exist';
        return false;
    }
    if (!errors()) {
        $fetch = call('sql_fetch_array', $sql);
        // The included file runs in this function's scope; it is expected to
        // define $plugin, which is read below.
        include './Plugins/' . $fetch['folder'] . '/plugin-info.php';
        $delete = call('sql_query', "DELETE FROM plugins WHERE id = '{$id}'");
        // Optional clean-up statements supplied by the plugin itself.
        if (isset($plugin['uninstall']) && is_array($plugin['uninstall'])) {
            foreach ($plugin['uninstall'] as $uninstall) {
                call('sql_query', $uninstall);
            }
        }
        if ($delete) {
            return true;
        }
    }
}
Beispiel #16
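/**
 * Find forum posts and user accounts whose stored IP contains $ip.
 *
 * The page number is read from $_GET['page'] and ends up in an unquoted
 * LIMIT clause, where quoting-based escaping offers no protection. It is
 * therefore forced to an integer of at least 1, and the page size is
 * forced to a non-negative integer.
 *
 * NOTE(review): $ip is interpolated into both LIKE patterns without
 * escaping in this function (LIKE wildcards included); presumably the
 * caller or the 'sql_query' wrapper escapes it - confirm.
 * NOTE(review): the post subject is placed into the link markup as stored;
 * whether it is HTML-escaped before storage is not visible here - confirm.
 * NOTE(review): no permission check is made here; presumably the caller
 * restricts this lookup to staff - confirm.
 *
 * @param mixed $ip full or partial IP address to search for
 * @return array list of rows tagged 'type' => 'post' or 'user'; a
 *               placeholder row is added for each search that finds nothing
 */
function trackip($ip)
{
    global $settings;
    // how many rows to show per page
    $rowsPerPage = max(0, (int) $settings['topics_page']);
    // by default we show first page
    $pageNum = 1;
    // request-supplied page number: integers only, never below 1
    if (isset($_GET['page']) && is_scalar($_GET['page'])) {
        $pageNum = max(1, (int) $_GET['page']);
    }
    // counting the offset
    $offset = ($pageNum - 1) * $rowsPerPage;
    $fetch = array();
    if (!errors()) {
        $sql = call('sql_query', "SELECT id, topic_id, author_id, post_time, subject, ip FROM forum_posts WHERE ip LIKE '%{$ip}%' ORDER BY post_time DESC LIMIT {$offset}, {$rowsPerPage}");
        if (call('sql_num_rows', $sql) != 0) {
            while ($r = call('sql_fetch_array', $sql)) {
                $fetch[] = array('post_id' => $r['id'], 'topic_id' => $r['topic_id'], 'author' => call('userprofilelink', $r['author_id']), 'post_time' => call('dateformat', $r['post_time']), 'subject' => '<a href="' . $settings['site_url'] . '/index.php?act=viewtopic&id=' . $r['topic_id'] . '&page=' . ceil($r['id'] / $settings['posts_topic']) . '#' . $r['id'] . '" target="_blank">' . $r['subject'] . '</a>', 'ip' => $r['ip'], 'type' => 'post');
            }
        } else {
            $fetch[] = array('ip' => 'The search returned zero results', 'type' => 'post');
        }
        // The user search is not paginated.
        $sql = call('sql_query', "SELECT id, ip FROM users WHERE ip LIKE '%{$ip}%'");
        if (call('sql_num_rows', $sql) != 0) {
            while ($r = call('sql_fetch_array', $sql)) {
                $fetch[] = array('user' => call('userprofilelink', $r['id']), 'ip' => $r['ip'], 'type' => 'user');
            }
        } else {
            $fetch[] = array('ip' => 'The search returned zero results', 'type' => 'user');
        }
    }
    return $fetch;
}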
Beispiel #17
/**
 * Route an error either to errors() or to log_error(), depending on the
 * global 'useDebug' flag.
 *
 * @param mixed $error error payload, passed through unchanged
 * @param mixed $num   error number, passed through unchanged
 */
function buildError($error, $num)
{
    // Debug on: hand the error to errors(); debug off: hand it to log_error().
    if ($GLOBALS['useDebug']) {
        errors($error, $num);
        return;
    }

    log_error($error, $num);
}
Beispiel #18
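/**
 * Update a forum board and add moderators to it (admin-only).
 *
 * Changes from the previous version:
 *  - the admin check runs first, as in the other admin functions, so an
 *    unauthorised caller is refused before any input is processed;
 *  - $visible and $postgroup are flattened with implode() instead of the
 *    append-then-strip-"Array" construction, which altered values
 *    containing "Array" and truncated scalar input;
 *  - empty moderator entries are skipped, so an empty $moderators string no
 *    longer inserts a forum_moderators row with a blank user_id.
 *
 * NOTE(review): every argument, including each moderator entry, is
 * interpolated into SQL without escaping in this function; presumably the
 * caller or the 'sql_query' wrapper escapes them - confirm.
 *
 * @param mixed  $name        board name, required
 * @param mixed  $description board description, required
 * @param mixed  $postgroup   list of groups allowed to post, required
 * @param mixed  $visible     list of groups allowed to view, required
 * @param mixed  $id          id of the board to update
 * @param string $moderators  ", "-separated list of user ids to add
 * @param mixed  $category    value stored in forum_boards.cat
 * @param mixed  $sticky      truthy to set creation_sticky
 * @param mixed  $lock        truthy to set creation_lock
 * @return bool|null true when the board UPDATE succeeds, false on
 *                   permission/validation failure, null otherwise
 */
function editboard($name, $description, $postgroup, $visible, $id, $moderators, $category, $sticky, $lock)
{
    global $user, $error, $error_die;
    if (!$user['admin_panel']) {
        // Second line of defence: the admin panel should already gate this call.
        $error_die[] = 'You do not have permission to do this';
        return false;
    }
    if (empty($visible)) {
        $error[] = 'You must state who this board is visible to';
        return false;
    }
    $visible = implode(',', (array) $visible);
    if (empty($postgroup)) {
        $error[] = 'You must state who may post in this board';
        return false;
    }
    $postgroup = implode(',', (array) $postgroup);
    if (empty($description)) {
        $error[] = 'You must specify a description';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name for the board';
        return false;
    }
    $sql = call('sql_query', "SELECT * FROM forum_boards WHERE id = '{$id}'");
    if (call('sql_num_rows', $sql) == 0) {
        $error[] = 'This board no longer exists';
        return false;
    }
    // Normalise the two flags to 0/1.
    $sticky = empty($sticky) ? 0 : 1;
    $lock = empty($lock) ? 0 : 1;
    if (!errors()) {
        $query = call('sql_query', "UPDATE forum_boards SET board_name = '{$name}', board_description = '{$description}', visible = '{$visible}', post_group = '{$postgroup}', cat = '{$category}', creation_sticky = '{$sticky}', creation_lock = '{$lock}' WHERE id = '{$id}'");
        foreach (explode(", ", (string) $moderators) as $recipient) {
            if ($recipient === '') {
                continue;
            }
            call('sql_query', "INSERT INTO forum_moderators (user_id, board_id) VALUES ('{$recipient}', '{$id}')");
        }
        if ($query) {
            return true;
        }
    }
}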
Beispiel #19
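/**
 * Post a reply to a forum topic.
 *
 * Changes from the previous version:
 *  - $time is cast to an integer before it is used. It sits unquoted in the
 *    "post_time>" comparison, where quoting-based escaping offers no
 *    protection;
 *  - the smiley flag used the bare word `smiley` (an undefined constant)
 *    instead of $smiley; the flag is now derived from the argument alone.
 *
 * NOTE(review): $subject and $message are interpolated into SQL without
 * escaping in this function, as are the thread title reused as the default
 * subject and the user name; presumably the caller or the 'sql_query'
 * wrapper escapes them - confirm.
 * NOTE(review): is_numeric() also accepts forms such as "1e3" or a leading
 * space; $topicid is always quoted below, so this only affects which row
 * matches.
 *
 * @param mixed $topicid topic_id being replied to, numeric, required
 * @param mixed $subject reply subject; defaults to "Re: <thread title>"
 * @param mixed $message reply body, required
 * @param mixed $token   request token handed to 'checktoken'
 * @param mixed $smiley  truthy to store disable_smiley = 1
 * @param mixed $time    timestamp taken when the reply form was opened
 * @return bool|null true when the reply INSERT succeeds, false on
 *                   permission/validation failure, null otherwise
 */
function postreply($topicid, $subject, $message, $token, $smiley, $time)
{
    global $user, $error, $error_die;
    call('checktoken', $token);
    if (empty($topicid) || !is_numeric($topicid)) {
        $error_die[] = 'No topic selected';
        return false;
    }
    if (empty($message)) {
        $error[] = 'Your message is empty';
        return false;
    }
    $sql = call('sql_query', "SELECT * FROM forum_topics WHERE topic_id = '{$topicid}'");
    $fetch = call('sql_fetch_array', $sql);
    if (call('sql_num_rows', $sql) == 0) {
        $error_die[] = 'Topic does not exist';
        return false;
    }
    if ($fetch['locked'] == '1') {
        $error_die[] = 'This topic is locked! You may not post a reply';
        return false;
    }
    if (empty($subject)) {
        $subject = 'Re: ' . $fetch['thread_title'] . '';
    }
    $sql_2 = call('sql_query', "SELECT * FROM forum_boards WHERE id = '" . $fetch['board_id'] . "'");
    $fetch_2 = call('sql_fetch_array', $sql_2);
    if (call('sql_num_rows', $sql_2) == 0) {
        $error_die[] = 'Error this board does not exist';
        return false;
    }
    // The poster's member group must be in the board's post_group list.
    if (!call('visiblecheck', $user['membergroup_id'], $fetch_2['post_group'])) {
        $error_die[] = 'You do not have permission to create a new reply in this board';
        return false;
    }
    // Timestamps are integers; anything else must not reach the unquoted
    // comparison below.
    $time = (int) $time;
    //check to see if someone has posted already in this topic while this user was posting
    $timecheck = call('sql_query', "SELECT * FROM forum_posts WHERE topic_id = '{$topicid}' AND post_time>{$time}");
    if (call('sql_num_rows', $timecheck) != 0) {
        $error[] = 'Someone has made a reply while you were posting. Please review the post';
        unset($_SESSION['post_time']);
        return false;
    }
    if (!errors()) {
        $smiley = empty($smiley) ? 0 : 1;
        // Mark the topic unread for everyone else and the board unread for all.
        $deleteread = call('sql_query', "DELETE FROM topic_read WHERE topic_id = '{$topicid}' AND user_id!='" . $user['id'] . "'");
        $deleteboardread = call('sql_query', "DELETE FROM board_read WHERE board_id = '" . $fetch['board_id'] . "'");
        $insertreply = call('sql_query', "INSERT INTO forum_posts (topic_id, board_id, post_time, author_id, name_author, subject, message, ip, disable_smiley) VALUES ('{$topicid}', '" . $fetch['board_id'] . "', '" . time() . "', '" . $user['id'] . "', '" . $user['user'] . "', '{$subject}', '{$message}', '" . call('visitor_ip') . "', '{$smiley}')");
        $replyid = call('sql_insert_id');
        // Counters and "latest" pointers follow the new post.
        $updateboardcount = call('sql_query', "UPDATE forum_boards SET posts_count=posts_count+1, last_msg='{$replyid}' WHERE id='" . $fetch['board_id'] . "'");
        $updatereplycount = call('sql_query', "UPDATE forum_topics SET replies=replies+1, latest_reply='{$replyid}' WHERE topic_id='{$topicid}'");
        $updateuserspost = call('sql_query', "UPDATE users SET posts=posts+1  WHERE id='" . $user['id'] . "'");
        if ($insertreply) {
            return true;
        }
    }
}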
Beispiel #20
/**
 * Render an admin-panel page and terminate the request.
 *
 * Prepares error and update markup, includes the admin menu layout, then
 * assembles the page from the theme helpers and ends with die().
 *
 * The included layout files run in this function's scope, so the local
 * variable names here are part of their contract. $errors, $update, $body
 * are presumably read by the layout, and $menu is presumably reassigned by
 * it to the rendered markup that is appended to $output - confirm against
 * the layout files.
 *
 * NOTE(review): $user['admin_menu'] and $settings['site_theme'] are joined
 * into include paths with no check in this function that the result stays
 * inside the theme/layout directories. If either value can be set to an
 * arbitrary string, it selects which PHP file is executed - confirm how
 * both are validated when they are saved.
 * NOTE(review): $_SESSION['update'] is emitted as markup without escaping
 * here; confirm it never holds request-derived text.
 *
 * @param string $title  page title handed to theme('head')
 * @param string $body   page body; not referenced directly in this function
 * @param string $head   extra markup handed to theme('head')
 * @param string $update overwritten below from $_SESSION['update']
 */
function output_admin($title = '', $body = '', $head = '', $update = '')
{
    global $settings, $authid, $user, $error;
    // Build the error list markup from the global $error entries.
    if (errors()) {
        $errors = theme('start_content') . '<p><h2>Error:</h2></p><div class="errors"><ul>';
        foreach ($error as $error1) {
            $errors .= '<li>' . $error1 . '</li>';
        }
        $errors .= '</ul></div>' . theme('end_content');
        // Only drops the local alias of the global.
        unset($error);
    } else {
        $errors = '';
    }
    // One-shot status message carried over in the session.
    if (isset($_SESSION['update'])) {
        $update = '<div class="content" align="center" id="update" style="display: block;">' . $_SESSION['update'] . '</div>';
        unset($_SESSION['update']);
    } else {
        $update = '<div align="center" id="update"></div>';
    }
    // Per-user menu layout, falling back to left.php.
    if (empty($user['admin_menu'])) {
        $menu = 'left.php';
    } else {
        $menu = $user['admin_menu'];
    }
    // Lookup order: site theme override, then a themes/_Admin/<menu>/ theme
    // (whose theme-info.php is expected to define $theme_default), then the
    // stock layout.
    if (file_exists('themes/' . $settings['site_theme'] . '/Layouts/Admin/Menu/' . $menu)) {
        include 'themes/' . $settings['site_theme'] . '/Layouts/Admin/Menu/' . $menu;
    } elseif (file_exists('themes/_Admin/' . $menu . '/theme-info.php')) {
        $theme_path = 'themes/_Admin/' . $menu . '/';
        include $theme_path . 'theme-info.php';
        include $theme_path . $theme_default;
    } else {
        include 'Layouts/Admin/Menu/' . $menu;
    }
    $output = theme('head', $title, $head . '<style type="text/css">
.thrColLiqHdr #mainContent {
  margin-bottom: 0;
  margin-left: 1%;
  margin-top: 0;
  margin-right: 1%;
}
</style>') . '
<body class="thrColLiqHdr">
<div id="container">
' . theme('top') . theme('links') . '
  <div id="mainContent">';
    // A fatal error page, when the theme has one, replaces the menu/body.
    if (theme('output_error') == false) {
        $output .= $menu;
    } else {
        $output .= theme('output_error');
    }
    $output .= theme('footer');
    // Emit the page and stop; nothing after this call runs.
    die($output);
}
Beispiel #21
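/**
 * Update a user's profile after re-checking the acting user's password.
 *
 * The current-password check now uses a strict string comparison. With the
 * loose `!=`, two different digests that both look like numbers in
 * scientific notation (for example "0e" followed only by digits) compare as
 * equal, so a wrong password could be accepted.
 *
 * NOTE(review): the pass/user values in both UPDATE statements are the
 * literal '******' as shown in this listing, which looks like masking
 * applied to the published code; as written, neither the hashed
 * $vpassword nor $username reaches the query. They are left untouched
 * here - confirm against the real source.
 * NOTE(review): the new password is hashed with md5(), which is not a
 * password-hashing function. password_hash()/password_verify() is the
 * replacement, but it needs a coordinated change to the login path.
 * NOTE(review): there is no permission check here although $membergroup
 * and an arbitrary $id are written; presumably the caller restricts this
 * to admins - confirm.
 * NOTE(review): $email, $avatar, $signature, $location, $membergroup and
 * $id are interpolated into SQL without escaping in this function;
 * presumably the caller or the 'sql_query' wrapper escapes them - confirm.
 *
 * @param mixed $username    new user name, at most 16 characters
 * @param mixed $email       new e-mail address, required
 * @param mixed $newpassword new password, optional, at least 6 characters
 * @param mixed $vpassword   repeat of the new password
 * @param mixed $avatar      avatar URL, optional
 * @param mixed $signature   signature, optional, at most 300 characters
 * @param mixed $location    location text
 * @param mixed $currentpass acting user's current password value, compared
 *                           with $user['pass']
 * @param mixed $membergroup member group to assign
 * @param mixed $id          id of the user to update
 * @return bool|null true on success, false on validation failure, null
 *                   otherwise
 */
function edituser($username, $email, $newpassword, $vpassword, $avatar, $signature, $location, $currentpass, $membergroup, $id)
{
    global $user, $error, $error_die;
    // Strict comparison: no numeric-string juggling between the two values.
    if ((string) $currentpass !== (string) $user['pass']) {
        $error[] = 'Your password entered is not correct';
        return false;
    }
    if (strlen($username) > 16) {
        $error[] = 'The username is too long, it must be below 16 characters';
        return false;
    }
    if (empty($currentpass)) {
        $error[] = 'You must enter your current password to update the users profile';
        return false;
    }
    if (!preg_match("/^([a-z0-9._-](\\+[a-z0-9])*)+@[a-z0-9.-]+\\.[a-z]{2,6}\$/i", $email)) {
        $error[] = 'The email address entered is not valid';
        return false;
    }
    if (empty($email)) {
        $error[] = 'You must enter an email address';
        return false;
    }
    if (!empty($newpassword) && $newpassword != $vpassword) {
        $error[] = 'The new passwords do not match';
        return false;
    }
    if (!empty($newpassword) && strlen($newpassword) < 6) {
        $error[] = 'The Password must be 6 characters or longer';
        return false;
    }
    if (strlen($signature) > 300 && !empty($signature)) {
        $error[] = 'The Signature is too long';
        return false;
    }
    if (!preg_match("/^[a-zA-Z]+[:\\/\\/]+[A-Za-z0-9\\-_]+\\.+[A-Za-z0-9\\.\\/%&=\\?\\-_]+\$/i", $avatar) && !empty($avatar)) {
        $error[] = 'The avatar url entered is not valid';
        return false;
    }
    if (!errors()) {
        if (!empty($newpassword)) {
            // Password change requested: hash it and include it in the UPDATE.
            $vpassword = md5($vpassword);
            $sql = call('sql_query', "UPDATE users SET email = '{$email}', pass = '******', user = '******', avatar = '{$avatar}', signature = '{$signature}', location = '{$location}', membergroup = '{$membergroup}' WHERE id = '{$id}'");
        } else {
            $sql = call('sql_query', "UPDATE users SET email = '{$email}', user = '******', avatar = '{$avatar}', signature = '{$signature}', location = '{$location}', membergroup = '{$membergroup}' WHERE id = '{$id}'");
        }
        if ($sql) {
            return true;
        }
    }
}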
Beispiel #22
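/**
 * Create a forum board at the end of its category (admin-only).
 *
 * Changes from the previous version:
 *  - the admin check runs first, as in the other admin functions, so an
 *    unauthorised caller is refused before any input is processed;
 *  - $visible and $postgroup are flattened with implode() instead of the
 *    append-then-strip-"Array" construction, which altered values
 *    containing "Array" and truncated scalar input.
 *
 * NOTE(review): every argument is interpolated into SQL without escaping in
 * this function; presumably the caller or the 'sql_query' wrapper escapes
 * them - confirm.
 *
 * @param mixed $name        board name, required
 * @param mixed $description board description, required
 * @param mixed $postgroup   list of groups allowed to post, required
 * @param mixed $visible     list of groups allowed to view, required
 * @param mixed $category    value stored in forum_boards.cat
 * @param mixed $sticky      truthy to set creation_sticky
 * @param mixed $lock        truthy to set creation_lock
 * @return bool|null true when the INSERT succeeds, false on
 *                   permission/validation failure, null otherwise
 */
function addboard($name, $description, $postgroup, $visible, $category, $sticky, $lock)
{
    global $user, $error, $error_die;
    if (!$user['admin_panel']) {
        // Second line of defence: the admin panel should already gate this call.
        $error_die[] = 'You do not have permission to do this';
        return false;
    }
    // A missing list records an error but does not return, as before; the
    // errors() check below then prevents the INSERT.
    if (empty($visible)) {
        $error[] = 'You must state who this board is visible to';
    } else {
        $visible = implode(',', (array) $visible);
    }
    if (empty($postgroup)) {
        $error[] = 'You must state who may post in this board';
    } else {
        $postgroup = implode(',', (array) $postgroup);
    }
    if (empty($description)) {
        $error[] = 'You must specify a description';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name for the board';
        return false;
    }
    if (!errors()) {
        // The new board goes after the highest item_order in its category.
        $sql = call('sql_query', "SELECT * FROM forum_boards WHERE cat = '{$category}' ORDER BY item_order DESC");
        $fetch = call('sql_fetch_array', $sql);
        $order = call('sql_num_rows', $sql) == 0 ? 1 : $fetch['item_order'] + 1;
        // Normalise the two flags to 0/1.
        $sticky = empty($sticky) ? 0 : 1;
        $lock = empty($lock) ? 0 : 1;
        $query = call('sql_query', "INSERT INTO forum_boards (board_name, board_description, post_group, visible, item_order, cat, creation_sticky, creation_lock) VALUES ('{$name}', '{$description}', '{$postgroup}', '{$visible}', '{$order}', '{$category}', '{$sticky}', '{$lock}')");
        if ($query) {
            return true;
        }
    }
}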
Beispiel #23
/**
 * Delete an emoticon (admin-only).
 *
 * NOTE(review): $id is interpolated into SQL without escaping in this
 * function, and unlike the other delete helpers it is not checked for
 * being empty; presumably the caller or the 'sql_query' wrapper handles
 * both - confirm.
 *
 * @param mixed $id id of the emoticon to delete
 * @return bool|null true on success, false on a permission failure, null
 *                   otherwise
 */
function deleteemoticon($id)
{
    global $user, $error, $error_die;

    // Second line of defence: the admin panel should already gate this call.
    if (!$user['admin_panel']) {
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    if (errors()) {
        return null;
    }

    $deleted = call('sql_query', "DELETE FROM emoticons WHERE id='{$id}'");

    return $deleted ? true : null;
}
Beispiel #24
/**
 * Delete a forum topic together with its posts and adjust the counters that
 * refer to it (per-author post counts and the board's summary columns).
 *
 * Statement order matters: sql_affected_rows is read immediately after the
 * DELETE on forum_posts, and the board's topic list is read before the topic
 * row is removed. No transaction is opened in this function, so a failure
 * part-way through leaves the counters and rows out of step.
 *
 * NOTE(review): $boardid is never compared with the board the topic row
 * actually belongs to; the board counters are adjusted for whatever board id
 * the caller supplies. Confirm the caller derives it from the topic.
 *
 * @param mixed $topicid Topic to delete; must be non-empty and numeric.
 * @param mixed $boardid Board whose counters are adjusted; must be non-empty and numeric.
 * @return bool|null true after the deletes have been issued, false on a
 *                   validation or permission failure, null when errors() is truthy.
 */
function delete_topic($topicid, $boardid)
{
    global $user, $error, $error_die;
    // is_numeric() rules out quote characters, so these two ids cannot break
    // out of the quoted SQL literals they are interpolated into below.
    if (empty($topicid) || !is_numeric($topicid)) {
        $error_die[] = 'The id of the topic to be deleted was not entered or not valid';
        return false;
    }
    if (empty($boardid) || !is_numeric($boardid)) {
        $error_die[] = 'The id of the board was not entered or not valid';
        return false;
    }
    $checktopic = call('sql_query', "SELECT * FROM forum_topics WHERE topic_id = '{$topicid}'");
    $fetchtopicdata = call('sql_fetch_array', $checktopic);
    if (call('sql_num_rows', $checktopic) == 0) {
        $error_die[] = 'This topic does not exist';
        return false;
    }
    // NOTE(review): && binds tighter than ||, so this reads
    //   (author differs AND no delete_own_topic) OR no delete_any_topic.
    // As written, a user without delete_any_topic is always refused, including
    // the author holding delete_own_topic. That is probably not the intent, but
    // this is an authorization check: confirm the intended policy before
    // regrouping it, because any change here widens who may delete.
    if ($fetchtopicdata['thread_author'] != $user['user'] && !$user['delete_own_topic'] || !$user['delete_any_topic']) {
        $error_die[] = 'You do not have permission to delete this post';
        return false;
    }
    if (!errors()) {
        // Posts per author in this topic, used to lower each author's post counter.
        $result = call('sql_query', "SELECT name_author, COUNT(id) as num_posts FROM forum_posts WHERE topic_id='{$topicid}' GROUP BY name_author");
        if (call('sql_num_rows', $result) != 0) {
            while ($postdata = call('sql_fetch_assoc', $result)) {
                // NOTE(review): the next statement is damaged as printed on this page:
                // the '******' run replaces part of the expression and the line no
                // longer parses. It presumably concatenated $postdata['name_author'];
                // restore it from the upstream file rather than from this listing.
                // Whatever the restored form is, name_author is a database value
                // placed in a quoted literal, so it needs escaping or a bound parameter.
                $result2 = call('sql_query', "UPDATE users SET posts=posts-" . $postdata['num_posts'] . " WHERE user='******'name_author'] . "'");
            }
        }
        $topicdataquery = call('sql_query', "SELECT topic_id, latest_reply FROM forum_topics WHERE topic_id = '{$topicid}'");
        $topicdata = call('sql_fetch_array', $topicdataquery);
        // Read before the topic row is deleted, so the result still includes it.
        $topics_count = call('sql_query', "SELECT * FROM forum_topics WHERE board_id ='{$boardid}'");
        $result7 = call('sql_query', "DELETE FROM forum_posts WHERE topic_id='{$topicid}'");
        // Must stay directly after the DELETE above: it is the number of posts removed.
        $del_posts = call('sql_affected_rows');
        $result3 = call('sql_query', "DELETE FROM forum_topics WHERE topic_id='{$topicid}'");
        if (call('sql_num_rows', $topics_count) > 0) {
            // Was the deleted topic's latest reply also the board's last message?
            $result4 = call('sql_query', "SELECT * FROM forum_boards WHERE id='{$boardid}' AND last_msg='" . $topicdata['latest_reply'] . "'");
            if (call('sql_num_rows', $result4) != 0) {
                $result5 = call('sql_query', "SELECT id, board_id, post_time FROM forum_posts WHERE board_id='{$boardid}' ORDER BY post_time DESC LIMIT 1");
                $pdata = call('sql_fetch_assoc', $result5);
                // NOTE(review): posts_count and topics_count are only decremented inside
                // this branch. When the deleted topic did not hold the board's last
                // message, the board counters are left unchanged - verify that is intended.
                $result6 = call('sql_query', "UPDATE forum_boards SET last_msg='" . $pdata['id'] . "', posts_count=posts_count-" . $del_posts . ", topics_count=topics_count-1 WHERE id='{$boardid}'");
            }
        } else {
            // Reached only when the board had no topic rows even before the delete.
            $result6 = call('sql_query', "UPDATE forum_boards SET last_msg='0', posts_count=0, topics_count=0 WHERE id='{$boardid}'");
        }
        return true;
    }
}
Beispiel #25
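/**
 * Update an existing row of the `menu` table.
 *
 * Change from the previous version: the rank list is joined with implode().
 * The old code appended to the array variable itself, which relied on PHP
 * turning the array into the string "Array" (raising a conversion warning),
 * then stripped every occurrence of "Array" - including any inside a real
 * value - and chopped the final character. A scalar $rank lost its last
 * character that way; it is now kept as given.
 *
 * NOTE(review): $name, $link, $rank, $window, $width, $height and $id are
 * interpolated into quoted SQL literals without escaping in this function.
 * $width/$height are only checked with is_numeric() when $window is 'popup'.
 * Confirm that the caller escapes these values, or move to bound parameters
 * if the database layer behind call('sql_query', ...) offers them.
 *
 * The optional $width/$height before the required $id is kept as-is so that
 * existing positional callers keep working.
 *
 * @param mixed        $name       Link label; must be non-empty.
 * @param mixed        $link       Target URL; may be empty when $predefined is set.
 * @param mixed        $predefined Page id; when non-empty it replaces $link.
 * @param array|string $rank       Ranks allowed to see the link; must be non-empty.
 * @param mixed        $authid     Stored as 0 when empty, 1 otherwise.
 * @param mixed        $window     'popup' makes $width and $height mandatory.
 * @param mixed        $width      Popup width.
 * @param mixed        $height     Popup height.
 * @param mixed        $id         menu.id of the row to update.
 * @return bool|null true when the UPDATE result is truthy, false on a
 *                   validation or permission failure, null otherwise.
 */
function editlink($name, $link, $predefined, $rank, $authid, $window, $width = '', $height = '', $id)
{
    global $user, $error, $error_die;

    if (empty($rank)) {
        $error[] = 'You must state who this board is visible to';
        return false;
    }
    // Stored as a comma-separated list, e.g. "1,2,3".
    $rank = is_array($rank) ? implode(',', $rank) : (string) $rank;

    if (!$user['admin_panel']) {
        // No one except an admin should be able to reach this; checked anyway to be safe.
        $error_die[] = 'You do not have permission to do this';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name';
        return false;
    }
    if (empty($link) && empty($predefined)) {
        $error[] = 'You must specify a url or a predefined page';
        return false;
    }

    // The row may have been removed since the edit form was rendered.
    $sql = call('sql_query', "SELECT * FROM menu WHERE id = '{$id}'");
    if (call('sql_num_rows', $sql) == 0) {
        $error[] = 'This link no longer exists';
        return false;
    }

    if (!empty($predefined)) {
        // A predefined page overrides whatever was typed into the url field.
        $link = 'index.php?act=page&id=' . $predefined;
    }
    $authid = empty($authid) ? 0 : 1;

    if ($window == 'popup' && (empty($height) || empty($width) || !is_numeric($height) || !is_numeric($width))) {
        $error[] = 'You must specify the width/height for the popup as a whole number';
        return false;
    }

    if (!errors()) {
        $query = call('sql_query', "UPDATE menu SET name = '{$name}', link = '{$link}', rank = '{$rank}', authid = '{$authid}', window='{$window}', width='{$width}', height='{$height}' WHERE id = '{$id}'");
        if ($query) {
            return true;
        }
    }
}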
Beispiel #26
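/**
 * Check a username/password pair against the `users` table and, on success,
 * store a fresh session id for the user and send it back as a cookie.
 *
 * Changes from the previous version:
 *  - the username and password re-checks use exact string comparison. The
 *    loose != operator treats numeric-looking strings as numbers, so two
 *    different strings such as "1e3" and "1000" compared equal; the password
 *    check now goes through hash_equals().
 *  - a missing User-Agent header no longer raises an undefined-index warning.
 *
 * NOTE(review), not changed here because the fix depends on code outside this
 * function:
 *  - The '******' literals in the two queries are what this page shows; they
 *    look like masking applied to the listing, so the real expressions
 *    (presumably the username/password and a timestamp) are not visible.
 *  - $_SERVER['HTTP_USER_AGENT'] is a request header and is concatenated into
 *    the UPDATE statement unescaped. It must be escaped or bound as a parameter
 *    by whatever database layer sits behind call('sql_query', ...).
 *  - The stored `pass` column is compared directly with $password. How the
 *    value is hashed is not visible here; if it is a fast unsalted hash, plan
 *    a migration to password_hash()/password_verify().
 *  - $_SERVER['HTTP_HOST'] is also request-supplied and is used as the cookie
 *    domain; prefer a configured site host.
 *  - setcookie() is called without the secure and httponly arguments, so the
 *    session cookie is readable from script and sent over plain HTTP.
 *  - The session id is md5() of call('generate_key', 32); its unpredictability
 *    depends entirely on generate_key - confirm it uses a CSPRNG.
 *  - $token is accepted but never read in this function.
 *
 * @param mixed  $username Login name.
 * @param mixed  $password Value compared with the stored `pass` column.
 * @param mixed  $remember 'on' keeps the cookie for 100 days, anything else for one hour.
 * @param string $token    Unused here.
 * @return bool|null true when the session UPDATE result is truthy, false when
 *                   a check fails, null otherwise.
 */
function login($username, $password, $remember, $token = '')
{
    global $settings, $user, $error, $error_die;

    $result = call('sql_query', "SELECT * FROM users WHERE user = '******' AND pass = '******'");
    $row = call('sql_fetch_array', $result);

    // Can they login?
    if (call('sql_num_rows', $result) == 0) {
        $error[] = 'Wrong Username or Password';
        return false;
    }
    if ($row['allow_login'] == 0) {
        $error[] = 'Sorry, You can\'t login';
        return false;
    }
    // Re-check in PHP with exact comparison; same message for both fields so
    // the response does not reveal which one was wrong.
    if (!is_scalar($username) || (string) $username !== (string) $row['user']) {
        $error[] = 'Wrong Username or Password';
        return false;
    }
    if (!is_scalar($password) || !hash_equals((string) $row['pass'], (string) $password)) {
        $error[] = 'Wrong Username or Password';
        return false;
    }
    if ($row['membergroup'] == 1) {
        $error[] = 'Sorry, You can\'t login your account needs to be activated';
        return false;
    }

    if (!errors()) {
        $key = md5(call('generate_key', 32));
        $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        // Update their IP, last login and session id.
        // NOTE(review): $agent is attacker-controlled and unescaped here - see the header note.
        $sql = call('sql_query', "UPDATE users SET ssid = '{$key}', lastlogin = '******', ip = '" . call('visitor_ip') . "', agent = '" . $agent . "' WHERE id = '" . $row['id'] . "'");

        // Remove their IP from the online list so they stop showing up as a guest.
        $query = call('sql_query', "DELETE FROM user_online WHERE ip = '" . call('visitor_ip') . "'");

        $domain = $_SERVER['HTTP_HOST'] != 'localhost' ? $_SERVER['HTTP_HOST'] : false;

        if ($remember == 'on') {
            // Remembered: keep the cookie for 100 days.
            $time = time() + 60 * 60 * 24 * 100;
        } else {
            // Not remembered: keep them logged in for an hour only.
            $time = time() + 3600;
        }
        setcookie(COOKIE_NAME, $key, $time, '', $domain);

        if ($sql) {
            return true;
        }
    }
}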
Beispiel #27
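/**
 * Insert a new row into the `menu` table, placed after the current last item.
 *
 * Change from the previous version: the rank list is joined with implode().
 * The old code appended to the array variable itself, which relied on PHP
 * turning the array into the string "Array" (raising a conversion warning),
 * then stripped every occurrence of "Array" - including any inside a real
 * value - and chopped the final character. A scalar $rank lost its last
 * character that way; it is now kept as given.
 *
 * NOTE(review): $name, $link, $rank, $window, $height and $width are
 * interpolated into quoted SQL literals without escaping in this function,
 * and $width/$height are only checked with is_numeric() when $window is
 * 'popup'. Confirm that the caller escapes these values, or move to bound
 * parameters if the database layer behind call('sql_query', ...) offers them.
 *
 * @param mixed        $name       Link label; must be non-empty.
 * @param mixed        $link       Target URL; may be empty when $predefined is set.
 * @param array|string $rank       Ranks allowed to see the link; must be non-empty.
 * @param mixed        $predefined Page id; when non-empty it replaces $link.
 * @param mixed        $authid     Stored as 0 when empty, 1 otherwise.
 * @param mixed        $window     'popup' makes $width and $height mandatory.
 * @param mixed        $width      Popup width.
 * @param mixed        $height     Popup height.
 * @return bool|null true when the INSERT result is truthy, false on a
 *                   validation or permission failure, null otherwise.
 */
function addlink($name, $link, $rank, $predefined, $authid, $window, $width = '', $height = '')
{
    global $user, $error, $error_die, $settings;

    if (empty($rank)) {
        $error[] = 'You must state who this board is visible to';
        return false;
    }
    // Stored as a comma-separated list, e.g. "1,2,3".
    $rank = is_array($rank) ? implode(',', $rank) : (string) $rank;

    if (!$user['admin_panel']) {
        // No one except an admin should be able to reach this; checked anyway to be safe.
        $error_die[] = 'You do not have permission to do this';
        return false;
    }
    if (empty($name)) {
        $error[] = 'You must specify a name';
        return false;
    }
    if (empty($link) && empty($predefined)) {
        $error[] = 'You must specify a url or a predefined page';
        return false;
    }
    if ($window == 'popup' && (empty($height) || empty($width) || !is_numeric($height) || !is_numeric($width))) {
        $error[] = 'You must specify the width/height for the popup as a whole number';
        return false;
    }

    if (!errors()) {
        if (!empty($predefined)) {
            // A predefined page overrides whatever was typed into the url field.
            $link = $settings['site_url'] . '/index.php?act=page&id=' . $predefined;
        }

        // New items go one position after the highest existing item_order.
        $sql = call('sql_query', "SELECT * FROM menu ORDER BY item_order DESC");
        $fetch = call('sql_fetch_array', $sql);
        $order = call('sql_num_rows', $sql) == 0 ? 1 : $fetch['item_order'] + 1;

        $authid = empty($authid) ? 0 : 1;
        $query = call('sql_query', "INSERT INTO menu (name, link, rank, item_order, authid, window, height, width) VALUES ('{$name}', '{$link}', '{$rank}', '{$order}', '{$authid}', '{$window}', '{$height}', '{$width}')");
        if ($query) {
            return true;
        }
    }
}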
Beispiel #28
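/**
 * Register a theme found under themes/<folder>/ by loading its
 * theme-info.php and copying the metadata and settings into the database.
 *
 * Changes from the previous version:
 *  - $folder is used to build an include path and, per the original comment,
 *    comes from the URL. It is now required to be a single directory name
 *    (no path separators, no NUL byte, not "." or ".."), so the include cannot
 *    leave the themes/ directory.
 *  - if theme-info.php does not define a $theme array, the install stops
 *    instead of inserting an empty theme row.
 *  - the visibility list is joined with implode() rather than by appending to
 *    the array variable and stripping the resulting "Array" text, which raised
 *    a conversion warning and also removed "Array" from real values.
 *
 * NOTE(review): the include executes PHP shipped with the theme, so a theme
 * directory is trusted code. The values read from $theme are concatenated
 * into SQL without escaping; escape them or bind them as parameters if the
 * database layer behind call('sql_query', ...) supports it.
 *
 * @param mixed        $folder  Directory name under themes/.
 * @param array|string $visible Groups that may use the theme; must be non-empty.
 * @return bool|null true when the theme INSERT result is truthy, false on a
 *                   validation or permission failure, null otherwise.
 */
function installtheme($folder, $visible)
{
    global $user, $settings, $FUNCTIONS_LANG, $error, $error_die;

    if (empty($visible)) {
        $error[] = $FUNCTIONS_LANG["e_th_use_theme"];
        return false;
    }
    // Stored as a comma-separated list, e.g. "1,2,3".
    $visible = is_array($visible) ? implode(',', $visible) : (string) $visible;

    if (!$user['admin_panel']) {
        // No one except an admin should be able to reach this; checked anyway to be safe.
        $error_die[] = $FUNCTIONS_LANG["e_permissions"];
        return false;
    }

    # tut tut, dont mess around with the URLs
    if (empty($folder)) {
        $error[] = $FUNCTIONS_LANG["e_th_install_theme"];
        return false;
    }

    // Accept a plain directory name only; anything else could redirect the include below.
    $isPlainName = is_string($folder)
        && $folder !== '.'
        && $folder !== '..'
        && strpbrk($folder, "/\\\0") === false;
    if (!$isPlainName) {
        // Reuses the existing "which theme?" message; no dedicated language key is visible here.
        $error[] = $FUNCTIONS_LANG["e_th_install_theme"];
        return false;
    }

    $sql = call('sql_query', "SELECT * FROM themes WHERE folder = '{$folder}'");
    # Must have pressed refresh, silly admin
    if (call('sql_num_rows', $sql) != 0) {
        $error[] = $FUNCTIONS_LANG["e_th_already_installed"];
        return false;
    }

    if (!errors()) {
        // theme-info.php is expected to define $theme in this scope.
        include 'themes/' . $folder . '/theme-info.php';
        if (empty($theme) || !is_array($theme)) {
            $error[] = $FUNCTIONS_LANG["e_th_install_theme"];
            return false;
        }

        $query = call('sql_query', "INSERT INTO themes (theme_name, theme_author, author_site, author_email, theme_version, folder, theme_visibility, theme_preview) VALUES ('" . $theme['name'] . "', '" . $theme['author'] . "', '" . $theme['site'] . "', '" . $theme['email'] . "', '" . $theme['version'] . "', '{$folder}', '{$visible}', '" . $theme['preview'] . "')");
        $theme_id = call('sql_insert_id');

        # lets install all the theme settings
        if (isset($theme['settings']) && is_array($theme['settings'])) {
            foreach ($theme['settings'] as $variable => $value) {
                $sql = call('sql_query', "INSERT INTO theme_settings (theme_id, variable, value) VALUES ('" . $theme_id . "', '" . $variable . "', '" . $value . "')");
            }
        }
        if ($query) {
            return true;
        }
    }
}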
Beispiel #29
/**
 * Set the `online` column of one row in the `panels` table.
 *
 * The global $user record must carry a truthy 'admin_panel' flag; otherwise a
 * message is queued in $error_die and the call is refused.
 *
 * NOTE(review): both $id and $online are placed inside quoted SQL literals
 * exactly as received; nothing in this function escapes or validates them.
 * Confirm the caller does, or restrict $online to the expected flag values
 * and $id to an integer before the query is built.
 *
 * @param mixed $id     Value matched against panels.id.
 * @param mixed $online New value for panels.online.
 * @return bool|null true when the query result is truthy, false when the
 *                   permission check or the query fails, null when errors()
 *                   is already truthy.
 */
function togglepanel($id, $online)
{
    global $user, $error, $error_die;

    $mayAdminister = $user['admin_panel'];
    if (!$mayAdminister) {
        // Belt and braces: only an admin should ever reach this function.
        $error_die[] = 'You do not have permission to do this';
        return false;
    }

    // Errors recorded earlier in the request block the update.
    if (errors()) {
        return;
    }

    $updated = call('sql_query', "UPDATE panels SET online='{$online}' where id='{$id}'");
    if (!$updated) {
        $error[] = 'That panels Status could not be toggled, try editing it.';
        return false;
    }
    return true;
}
Beispiel #30
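/**
 * Update the profile columns of one `users` row after re-checking the
 * current password.
 *
 * Changes from the previous version:
 *  - the current-password check uses hash_equals() on strings. The loose !=
 *    operator compares numeric-looking strings as numbers, so two different
 *    strings could compare equal.
 *  - $offset must now be numeric. The old range test alone let some
 *    non-numeric strings through, and the value is written into the UPDATE.
 *  - the avatar pattern is only run when an avatar was supplied.
 *
 * NOTE(review), not changed here because the fix depends on code outside this
 * function:
 *  - The password check is against the global $user record, but the UPDATE
 *    targets $userid. Nothing here ties the two together; confirm the caller
 *    only ever passes the signed-in user's own id.
 *  - The return value of call('checktoken', $token) is ignored; the function
 *    presumably relies on it recording an error that errors() later reports.
 *  - The avatar pattern accepts any alphabetic scheme, not just http/https,
 *    and call('image_info', ...) is given the URL afterwards. If image_info
 *    fetches the URL from the server, restrict schemes and destinations there.
 *  - Every value in the UPDATE is interpolated into a quoted literal without
 *    escaping in this function. The original comment says $signature arrives
 *    already sanitized; confirm the same holds for the other fields.
 *
 * @param mixed $userid      users.id of the row to update.
 * @param mixed $currentpass Must match the stored password of the global $user.
 * @param mixed $avatar      Avatar URL, or empty for none.
 * @param mixed $signature   Signature text; at most 300 bytes once decoded.
 * @param mixed $token       Passed to checktoken.
 * @param mixed $location    Stored as given.
 * @param mixed $bday1       First birthday part; empty means no birthday.
 * @param mixed $bday2       Second birthday part.
 * @param mixed $bday3       Third birthday part.
 * @param mixed $msn         Stored as given.
 * @param mixed $icq         Stored as given.
 * @param mixed $yim         Stored as given.
 * @param mixed $aim         Stored as given.
 * @param mixed $offset      Numeric offset between -24 and 24.
 * @param mixed $gender      Stored as given.
 * @return bool|null true when the UPDATE result is truthy, false when a check
 *                   fails, null otherwise.
 */
function updateprofile2($userid, $currentpass, $avatar, $signature, $token, $location, $bday1, $bday2, $bday3, $msn, $icq, $yim, $aim, $offset, $gender)
{
    global $user, $error, $error_die;

    if (empty($currentpass)) {
        $error[] = 'You must enter your current password to update your profile';
        return false;
    }
    // Exact, constant-time comparison; casts keep hash_equals() from throwing on non-strings.
    if (!is_scalar($currentpass) || !hash_equals((string) $user['pass'], (string) $currentpass)) {
        $error[] = 'The current password entered is not correct';
        return false;
    }

    call('checktoken', $token);

    $bday = !empty($bday1) ? $bday1 . '/' . $bday2 . '/' . $bday3 : '';

    if (!empty($avatar) && !preg_match("/^[a-zA-Z]+[:\\/\\/]+[A-Za-z0-9\\-_]+\\.+[A-Za-z0-9\\.\\/%&=\\?\\-_]+\$/i", $avatar)) {
        $error[] = 'The avatar url entered is not valid';
        return false;
    }
    if (!empty($avatar)) {
        $imagecheck = call('image_info', $avatar);
        if ($imagecheck == false) {
            // No message added here; image_info presumably records its own.
            return false;
        }
    } else {
        $imagecheck = true;
    }

    // Revert the sanitization to get a correct character length reading.
    $signature_decode = htmlspecialchars_decode($signature, ENT_QUOTES);
    if (strlen($signature_decode) > 300 && !empty($signature)) {
        $error[] = 'The Signature is too long';
        return false;
    }

    // Must be a number inside the range: it ends up inside the UPDATE below.
    if (!is_numeric($offset) || $offset > 24 || $offset < -24) {
        $error[] = 'The offset entered is not valid';
        return false;
    }

    if (!errors() && $imagecheck != false) {
        $sql = call('sql_query', "UPDATE users SET avatar = '{$avatar}', signature= '{$signature}', birthday = '{$bday}', location = '{$location}', msn = '{$msn}', icq = '{$icq}', yim = '{$yim}', aim = '{$aim}', gender = '{$gender}', offset = '{$offset}' WHERE id = '{$userid}'");
        if ($sql) {
            return true;
        }
    }
}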